Wednesday, November 8th 2017
Cryptojacking: Over 2,500 Websites Out There to Steal Your CPU Time
Cryptojacking is a new phenomenon, which was popularized by ThePirateBay embedding its website with a Javascript-based crypto-currency miner. It quickly sprung up the debate on whether crypto-currency miners hidden into web-pages could become the revenue model of the future, replacing online advertising or paid subscriptions. Some commentators argue that it's fine as long as users are made sufficiently aware that a website is embedding a miner, and is presented with a choice between ads and the miner. Others were steadfast against the idea as heavy Internet browsing (across multiple tabs), could bring down computers to a crawl, and have a more than tangible impact on electricity bills.
According to an ArsTechnica report, there could be at least 2,500 websites out there, with embedded crypto-currency miners that are hidden from the users. Willem de Groot, an independent cybersecurity researcher told the publication that he estimates JS miners may have proliferated to 2,496 websites, and its adoption is on the rise. Some dishonest websites embed miners as a revenue source in addition to ads and sponsored content. At the heart of the controversy is Coinhive. This company sells easy-to-integrate crypto-currency miners that can be embedded into websites as a revenue source. The company is on a marketing overdrive, writing to siteops and bloggers to spread their miners.
The softest targets of Coinhive appear to be Wordpress blogs that are struggling to make money off cheap ads. This is a troubling trend because blogs that don't disclose running embedded miners risk reducing the credibility of the blogging platform they're based on (Wordpress, Blogger) as a whole, readers would avoid emerging blogs as they'd fear running into hidden miners.
Making matters worse, neither Google, nor Mozilla, have come up with anti-miner measures built into Chrome or Firefox. Ad-block Plus, the popular browser extension that disables web ads, introduced a feature that disables scripts that exhibit mining behavior, with a nascent degree of heuristics. You can also install this Chrome extension to weed-out Coinhive scripts. The more experienced users among you can edit your Hosts file to nullroute Coinhive. Popular anti-virus vendors such as Kaspersky and McAfee, which include anti-phishing features with their software, have set out to identify and block sites with embedded miners.
Source:
ArsTechnica
According to an ArsTechnica report, there could be at least 2,500 websites out there, with embedded crypto-currency miners that are hidden from the users. Willem de Groot, an independent cybersecurity researcher told the publication that he estimates JS miners may have proliferated to 2,496 websites, and its adoption is on the rise. Some dishonest websites embed miners as a revenue source in addition to ads and sponsored content. At the heart of the controversy is Coinhive. This company sells easy-to-integrate crypto-currency miners that can be embedded into websites as a revenue source. The company is on a marketing overdrive, writing to siteops and bloggers to spread their miners.
Making matters worse, neither Google, nor Mozilla, have come up with anti-miner measures built into Chrome or Firefox. Ad-block Plus, the popular browser extension that disables web ads, introduced a feature that disables scripts that exhibit mining behavior, with a nascent degree of heuristics. You can also install this Chrome extension to weed-out Coinhive scripts. The more experienced users among you can edit your Hosts file to nullroute Coinhive. Popular anti-virus vendors such as Kaspersky and McAfee, which include anti-phishing features with their software, have set out to identify and block sites with embedded miners.
19 Comments on Cryptojacking: Over 2,500 Websites Out There to Steal Your CPU Time
EDIT: Never mind, found out anti mining extension for chrome.
addons.opera.com/en/extensions/details/mining-blocker/
addons.mozilla.org/en-US/firefox/addon/miningblocker/
Antiminer (Chrome)
chrome.google.com/webstore/detail/antiminer-no-1-coin-miner/abgnbkcdbiafipllamhhmikhgjolhdaf
Plus it is more efficient against cunt sites that blocks ad-block users and all site that phishing for tracking user activity.
first find was catch on infamous "msm" server
dennikn.sk
And informed about this on safe news web server DSL.sk, 27.9.2017 : www.dsl.sk/article.php?article=20260
www.dsl.sk/article.php?article=20354&title= DSL.sk, 22.10.2017
www.dsl.sk/article.php?article=20264
use yandex to translate
I recommend for all always use the anti-crypto add in your browser + antivir just like addblocks is now in browsers for years ..
-Some of these scripts can use up all 100% of CPU resources.
-There are lots of slow machines that actually need all CPU power just to display 720p video content.
-People that keep 50 tabs open in their browsers.
-Gaming while you have browser with couple of tabs open.
The idea is quite good but people must be aware of that and should have an option to stop/pause it.
Ontopic: I have "Family shield" DNS on the router + uBlock + paid license for BitDefender Internet Security + Malwarebytes Free, which I fire up from time to time. No 3rd party mining on my RIG. On a side note the paid version of bitdefender seems worse to me than the free version.
Good stuff!
While on the topic of extensions, do you know of any extension to block web pages from "bypassing" an adblock? :P I got adblock Origin but some sites tell me to disable it to view the content :c..
-chrome/ium was adding some javascript background tab throttle feature, did that come out?
-does coinhive stuff scale across multiple cores?
-is it only running on the active tab? (that would be nice of them, it's possible since they gave a responsibility message a few weeks ago, i havent tested, consider how ads are only seen on the active tab so it makes sense)
-there are many one click methods to block ads or mining, meaning the situation hasnt changed much, the user still has tons of control, so in that case mining can be considered nicer & something many people may choose to temporarily not block or whitelist on certain sites or time periods