TH17105
Detected presence of files containing URLs related to Bitcoin mining pools.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
 | pass | high | high | None | None |
About the issueโ
Uniform Resource Locators (URLs) are structured addresses that point to locations and assets on the internet. URLs allow software developers to build complex applications that exchange data with servers that can be hosted in multiple geographical regions. URLs can commonly be found embedded in documentation, configuration files, source code and compiled binaries. Bitcoin (BTC) is a digital currency that uses peer-to-peer technology to facilitate instant payments on the web. Bitcoin mining is the process of creating new bitcoins by solving extremely complicated math problems that verify transactions in the currency exchange. When a bitcoin is successfully mined, the miner receives a predetermined amount of bitcoin. Bitcoin mining is a lucrative, but expensive, venture. For that reason, malicious actors often try to hijack computer systems with the aim to make others cover the mining cost. While presence of Bitcoin mining references does not imply malicious intent, all of its uses in a software package should be documented and approved. Only select applications should consider mining for bitcoin.
How to resolve the issueโ
- Investigate reported detections.
- If the software should not include these network references, investigate your build and release environment for software supply chain compromise.
- You should delay the software release until the investigation is completed, or until the issue is risk accepted.
- Consider removing all references to flagged network locations.
Recommended readingโ
- Bitcoing mining (External resource - Wikipedia)
- Bitcoin.org (External resource)
- Digital currency (External resource - Wikipedia)