Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency



  • I've done a bit of reading on this and from what I can glean these are the mining sites being used:

    jsecoin.com
    coin-hive.com
    MINEMYTRAFFIC.COM
    crypto-loot.com
    crypto-loot.eu
    

    I've added these to my hosts file and to uBlockOrigin.
    Not to say there won't be more of these sites popping up with the money that can be made.

    Hope this Helps



  • Turns out uBlock Origin DOES block these mining sites, so if you use it, nothing to edit or add to the scripts:

    https://themerkle.com/ublock-origin-dev ... g-scripts/



  • @felemur
    Good find.
    I follow Gorhil uBlock0 Github, I successfully miss the talk.

    But, judging how popular this issue becomes. It's not surprising if famous subscriptions like Easylist or Easyprivacy list will also follow suit.



  • Some more information came out this morning in the "Help Net Security Newsletter" (https://www.helpnetsecurity.com/2017/11/08/drive-by-cryptocurrency-mining/) including the following link to WordPress add-ons (https://wordpress.org/plugins/search/hive-miner/). Both use the "monero" e-currency and CoinHive.
    Also from Bleeping Computer (https://www.bleepingcomputer.com/news/security/the-internet-is-rife-with-in-browser-miners-and-its-getting-worse-each-day/):
    Snip>>>
    " Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios."
    <<<Snip
    Disabling JS is unfortunately not an option as so many sites are dependent on scripts to display properly.
    Even if on "Opts-in" to avoid ads, the crypto-mining service will cost users in higher electric bills. This will vary of course on where you are. In my location I suspect it would mean an $8 to $12 increase per month.



  • @@greybeard

    ABP rule style block?

    ||coinblind.com^
    ||coinnebula.com^
    

    But... seem those 2 not yet known nor wildly use yet.

    I think it's a karma for us who like to block ads and or tracker ads that cut sites revenue for whatever reasons. Now they got 10x more nastier way. If this also got blocked somehow, best bet they give 100x more nastier.



  • @dleon said in Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency:

    ...
    I think it's a karma for us who like to block ads and or tracker ads that cut sites revenue for whatever reasons. ...

    I doubt karma has much to do with it. The sites that aren't hacked to crypto-mine are doing it simply because they can. Not many websites are "labors of love"... most of them seek to monetize their sites, and just like renting out adspace on their webpages, this is simply one more way to do it. Since every service has a cost to provide it, this is yet another consequence of the "free Internet" revenue model that's become the norm in today's world. As long as that model dominates the scene, this sort of thing will only increase... and I don't yet see other revenue models for sites gaining much success (eg: subscriptions).



  • @dleon just check uBlock filters. All this domains you talking about already in the list.
    0_1510642311247_vivaldi_2017-11-14_11-51-38.png


 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.