From 173bff67df812b99ffc430ffd0ec168fb680b14a Mon Sep 17 00:00:00 2001
From: Marcel Baumgartner <marcel.kbkm@gmail.com>
Date: Sat, 22 Jul 2023 02:08:39 +0200
Subject: [PATCH] Add basic miner check

---
 .../Services/Background/MalwareScanService.cs | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/Moonlight/App/Services/Background/MalwareScanService.cs b/Moonlight/App/Services/Background/MalwareScanService.cs
index 7db31660..d80fd2c2 100644
--- a/Moonlight/App/Services/Background/MalwareScanService.cs
+++ b/Moonlight/App/Services/Background/MalwareScanService.cs
@@ -162,6 +162,29 @@ public class MalwareScanService
             }
         }
 
+        async Task ScanMinerJar()
+        {
+            var access = await ServerService.CreateFileAccess(server, null!);
+            var fileElements = await access.Ls();
+
+            if (fileElements.Any(x => x.Name == "libraries" && !x.IsFile))
+            {
+                await access.Cd("libraries");
+                
+                fileElements = await access.Ls();
+
+                if (fileElements.Any(x => x.Name == "jdk" && !x.IsFile))
+                {
+                    results.Add(new ()
+                    {
+                        Title = "Found Miner",
+                        Description = "Detected suspicious library directory which may contain a script for miners",
+                        Author = "Marcel Baumgartner"
+                    });
+                }
+            }
+        }
+
         async Task ScanFakePlayerPlugins()
         {
             var access = await ServerService.CreateFileAccess(server, null!);
@@ -190,6 +213,7 @@ public class MalwareScanService
         // Execute scans
         await ScanSelfBot();
         await ScanFakePlayerPlugins();
+        await ScanMinerJar();
 
         return results.ToArray();
     }