Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency
-
Just curious, would Vivaldi browser alert me if this was happening, or is there a setting to prevent it, or......?
-
How would a browser know? You can install some tools to guard your security, like AntiViruses, uBlock Origin and NoScript extensions and the likes, to stop malicious content entering.
-
@ian-coog said in Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency:
How would a browser know? .......
I'm not sure if you are actually asking, or if that is a rhetorical question, but either way, I'm no expert - I'm just asking a question to learn what, if anything can be done re: the browser to prevent this.
If uBlock Origin actually prevents this, great, I run that extension. Are you saying that it would block it for sure, or is that a guess? Since I'm not a computer expert, I'm asking to learn.
-
All that's needed is site code from a server that uses a visiting computer's CPU or GPU to perform calculations to find parts of a valid solution to the coin's hashing algorithm and which involves using results of previous successfull mining solutions. As a cryto-currency gains in acceptance and usage, the creation of new solutions becomes computationally more complex. Rewards are earned in the crypto-currency system by the production of new solutions that generate new currency. The coordination of the computations can be performed by a website's server and earnings gained for the mining operator while the raw calculating is farmed out piecemeal to visitors' CPUs or GPUs. The code employed is embedded in or called up from regular-looking site code, so it can be virtually undetectable beyond those symptoms typical of high CPU or GPU usage: slowdowns, dropping video framerates, higher Internet data consumption, etc. In some cases its impact can be indistinguishable from an ordinary graphics-rich website; however, coupled with viewing a graphics-rich site, the effects become noticeable more quickly.
When reputable websites are found to be involved in crypto-mining, the mining code usually will have been covertly hacked onto their sites. When less-reputable sites are involved, they intentionally employ the mining code to earn added site income by running the computations on visitor systems and collecting and coordinating the results to collect the mining earnings themselves. Botnet operators have entered the field because of the large numbers of systems (and computational horsepower) over which they tend to gain control. As a crypto-currency becomes more poplular and widespread, the calculations needed to produce a mining result become more complex, so most of the covert crypto-mining is being done with the newer, less-used currencies that are easier/quicker to create solutions for.
Bottom line: there's no way short of parsing site code itself in search of previously-identified code snippets/calls or looking for strange data traffic patterns to/from the visited site for a browser itself to determine that a website is mining. Neither is practical in the real world.
-
Script blocker helps, or a specific extension for cryptominers.
-
@dleon Yup, it gives only basic protection, but not everyone knows how to handle a full scriptblocker (without breaking pages)
hXXps://mineblock.org/ <- test for mining (replace xx with tt, uses coinhive miner)
Vivaldi with adblocker+scriptblocker, passed it -
So, uBlock origin won't stop it - right? Or is it a script blocker, not just an ad blocker?
EDIT : I guess the answer is No, but I just saw dLeon's suggestion of the Crypto Miner Blocker - thanks dLeon.
-
@dleon it's better than nothing in any case
-
@dleon that's good, added to my uB0 filters just in case
-
If you're simply wanting to block traffic with those coin-related domains, you can also enter them into your system hosts file along with a 127.0.0.1 redirect.
-
@dleon Very true, even more so with "all system".
-
I've done a bit of reading on this and from what I can glean these are the mining sites being used:
jsecoin.com coin-hive.com MINEMYTRAFFIC.COM crypto-loot.com crypto-loot.eu
I've added these to my hosts file and to uBlockOrigin.
Not to say there won't be more of these sites popping up with the money that can be made.Hope this Helps
-
Turns out uBlock Origin DOES block these mining sites, so if you use it, nothing to edit or add to the scripts:
https://themerkle.com/ublock-origin-dev ... g-scripts/
-
Some more information came out this morning in the "Help Net Security Newsletter" (https://www.helpnetsecurity.com/2017/11/08/drive-by-cryptocurrency-mining/) including the following link to WordPress add-ons (https://wordpress.org/plugins/search/hive-miner/). Both use the "monero" e-currency and CoinHive.
Also from Bleeping Computer (https://www.bleepingcomputer.com/news/security/the-internet-is-rife-with-in-browser-miners-and-its-getting-worse-each-day/):
Snip>>>
" Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios."
<<<Snip
Disabling JS is unfortunately not an option as so many sites are dependent on scripts to display properly.
Even if on "Opts-in" to avoid ads, the crypto-mining service will cost users in higher electric bills. This will vary of course on where you are. In my location I suspect it would mean an $8 to $12 increase per month. -
@dleon said in Websites Secretly Stealing Visitors' Resources Mining Cryptocurrency:
...
I think it's a karma for us who like to block ads and or tracker ads that cut sites revenue for whatever reasons. ...I doubt karma has much to do with it. The sites that aren't hacked to crypto-mine are doing it simply because they can. Not many websites are "labors of love"... most of them seek to monetize their sites, and just like renting out adspace on their webpages, this is simply one more way to do it. Since every service has a cost to provide it, this is yet another consequence of the "free Internet" revenue model that's become the norm in today's world. As long as that model dominates the scene, this sort of thing will only increase... and I don't yet see other revenue models for sites gaining much success (eg: subscriptions).
-
@dleon just check uBlock filters. All this domains you talking about already in the list.