Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency



  • Just curious, would Vivaldi browser alert me if this was happening, or is there a setting to prevent it, or......?



  • How would a browser know? You can install some tools to guard your security, like AntiViruses, uBlock Origin and NoScript extensions and the likes, to stop malicious content entering.



  • @ian-coog said in Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency:

    How would a browser know? .......

    I'm not sure if you are actually asking, or if that is a rhetorical question, but either way, I'm no expert - I'm just asking a question to learn what, if anything can be done re: the browser to prevent this.

    If uBlock Origin actually prevents this, great, I run that extension. Are you saying that it would block it for sure, or is that a guess? Since I'm not a computer expert, I'm asking to learn.



  • All that's needed is site code from a server that uses a visiting computer's CPU or GPU to perform calculations to find parts of a valid solution to the coin's hashing algorithm and which involves using results of previous successfull mining solutions. As a cryto-currency gains in acceptance and usage, the creation of new solutions becomes computationally more complex. Rewards are earned in the crypto-currency system by the production of new solutions that generate new currency. The coordination of the computations can be performed by a website's server and earnings gained for the mining operator while the raw calculating is farmed out piecemeal to visitors' CPUs or GPUs. The code employed is embedded in or called up from regular-looking site code, so it can be virtually undetectable beyond those symptoms typical of high CPU or GPU usage: slowdowns, dropping video framerates, higher Internet data consumption, etc. In some cases its impact can be indistinguishable from an ordinary graphics-rich website; however, coupled with viewing a graphics-rich site, the effects become noticeable more quickly.

    When reputable websites are found to be involved in crypto-mining, the mining code usually will have been covertly hacked onto their sites. When less-reputable sites are involved, they intentionally employ the mining code to earn added site income by running the computations on visitor systems and collecting and coordinating the results to collect the mining earnings themselves. Botnet operators have entered the field because of the large numbers of systems (and computational horsepower) over which they tend to gain control. As a crypto-currency becomes more poplular and widespread, the calculations needed to produce a mining result become more complex, so most of the covert crypto-mining is being done with the newer, less-used currencies that are easier/quicker to create solutions for.

    Bottom line: there's no way short of parsing site code itself in search of previously-identified code snippets/calls or looking for strange data traffic patterns to/from the visited site for a browser itself to determine that a website is mining. Neither is practical in the real world.



  • So... basically just disable Javascript to avoid it?

    The problem is like described in @Blackbird post if the script come from the 1st party because we usually need it. 3rd party easily blocked.

    For "don't run Javascript" alone any browser could do it.
    For professional build tool/extension like uBlock0 (or better uMatrix) user could far more fine tune it. But it back to how far user has the ability or knowledge to counter this issue.



  • Script blocker helps, or a specific extension for cryptominers.



  • @hadden89
    For Script blocker, like I said, 1st party script will still be a problem.

    For an extension that block cryptominer, like this Crypto Miner Blocker.
    Seem it only work based on know method (AKA list based). This is a weak point. List based = only known method blocked.



  • @dleon Yup, it gives only basic protection, but not everyone knows how to handle a full scriptblocker (without breaking pages)
    hXXps://mineblock.org/ <- test for mining (replace xx with tt, uses coinhive miner)
    Vivaldi with adblocker+scriptblocker, passed it :)



  • So, uBlock origin won't stop it - right? Or is it a script blocker, not just an ad blocker?

    EDIT : I guess the answer is No, but I just saw dLeon's suggestion of the Crypto Miner Blocker - thanks dLeon.



  • @hadden89
    I re-read that famous Pirate Bay "naughty deed" with Coin Hive. Seem to block 3rd party script already enough for that service.

    Edited:
    Right forgot something, keep watch your CPU.
    We all know Vivaldi sometime spike up. But go suspicious about something if it continues while just in one site.



  • @dleon But it is only a extension with a blacklist in the js file.
    See blaklisted domains https://github.com/lesander/crypto-miner-blocker/blob/master/src/js/blocker.js

    BlackList = [
    
      // CoinHive
      '*://*.coin-hive.com/*',
      '*://*.coinhive.com/*',
      'wss://*.coinhive.com/*',
      'ws://*.coinhive.com/*',
      'wss://*.coin-hive.com/*',
      'ws://*.coin-hive.com/*',
      '*://*/*coinhive*.js*',
      '*://*/*coin-hive*.js*',
    
      // JSECoin
      '*://*.jsecoin.com/*',
    
      // Various scripts
      '*://*/*javascriptminer*.js*',
    
      // CryptoLoot
      'wss://*.crypto-loot.com/*'
    ]
    

    Such blocking can be done in uBlock Origin, too.



  • @gwen-dragon
    So it's true a list based.

    I already expressed my concern about it.



  • @dleon it's better than nothing in any case



  • @felemur
    uBlock & then uBlock0 is a multipurpose tool and not just an ads blocker. Hence it also has a bit of NoScript tool, block script by domain.

    uMatrix in other hand is always an expert tool. It could block entire things either if you set it wrong or you set it right.

    For this cryptominer, what you need to do or learn are what to block and how. Not depended to yet another extension or browser.



  • @ian-coog
    For ABP Filter & uBlock0 My Filter we could "steal" from that list.

    ! Will block anything from these domains
    ||coin-hive.com^
    ||jsecoin.com^
    ||crypto-loot.com^
    
    ! To block Various scripts? Fix me this's too broad.
    *javascriptminer*.js*
    


  • @dleon that's good, added to my uB0 filters just in case



  • If you're simply wanting to block traffic with those coin-related domains, you can also enter them into your system hosts file along with a 127.0.0.1 redirect.



  • @blackbird
    True. That more "all system".



  • @dleon Very true, even more so with "all system".



  • You can only block coin mining if you know the miners domains.
    But what if the coin miner uses a js file which is not easily to be recognized as miner or a domain name which looks normal.
    Perhaps Google malware site database may contain such domains or a Antivirus tool or a blocker extension like uBlockOrigin etc.

    The browser cant say by 100% proof: That is a bad script because it uses much CPU or GPU.
    Such guessing may block some graphic intensive webapps or websites.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.