Block Browser Coin Miners

Status
Not open for further replies.

tonibalas

Level 40
Verified
Honorary Member
Top Poster
Well-known
Sep 26, 2014
2,973
@Prorootect i don't want to have many addons installed on my browsers.
Even the 3 i have right now are to many for me:LOL:.
Can i ask you which of the 4 miners do you suggest having on a browser based on your experience?
 

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
this latest, minerBlock, cause it blocks (- result is CPU load drop, diminishing)...not only detects, like some other I have, look on precedent post I have updated with complementary details...

It's to you to test many coin mining websites and try those add-ons/extensions which works = which decrease the CPU load.
In my precedent posts you have many links to mining websites as well.

Haha, try papoto mining website: Papoto - The #1 Browser Miner - and get here your add-ons results.
-yeah I see best anti-papoto is to block all scripts, voila.:cool: - but no more papoto website content hahaha so with block third party scripts only and No Coin, NoMiners and minerBlock I have 25-30% of CPU load...on papoto

Best anti JS miner is Policy Control (with block third party scripts).
 
Last edited:
  • Like
Reactions: AtlBo and Weebarra

DavidLMO

Level 4
Verified
Dec 25, 2017
158
Cliqz browser built-in Adblocker blocks the miner on https://papoto[.]com/#/. CPU = 100 % when blocker is turned Off. CPU ~ 2 - 7 % when turned On.

With FF Quantum, when I access this site, it turns Off all my extensions - including Privacy Badger, uBlock Origin, Policy Control, Privacy Settings and DuckDuckGo Privacy Essentials. No - I usually do NOT run these all at once. :) Usually only uBlock Origin.
 
Last edited:

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
I see that many (almost all...) links, domains in the block lists of different mining blockers don't work, are dead!
Probably because of the presence of these blockers, the owners of these domains defend themselves by often changing the addresses of their websites. That's why a good blocker has to do the updates very frequently, every 1-2 days. But some of mining blockers are not updated frequently and then no longer work, do not block.
In real life, nobody is going to click on the weird addresses of websites that do the mining - so I think now, this mining websites problem is a bit exaggerated... I left one or two mining blockers (in Firefox: Mining Blocker and minerBlock - updated yesterday this one) and I come back to other more useful things in life...
 
  • Like
Reactions: AtlBo and Weebarra

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Coin Mining Blocker is very good!

Firefox:
898807-64.png

Coin Mining Blocker
Block JavaScript coin mining scripts at network level
Here: Coin Mining Blocker – Add-ons for Firefox
FAQs page on add0n.com: Coin Mining Blocker
From FAQ's page:
"Coin Mining Blocker" is an optimized host blocker extension that is adapted to block third-party JS scripts which do digital coin mining during your visit on some websites. The extension displays the total number of blocked scripts in the badge area. It is possible to disable or enable the blocking module by pressing the toolbar button. This extension updates its filtering rules on every browser restart or after 24 hours of the last update.
  • Block well-known JS coin mining scripts in network level
  • Automatic update every 24 hours to get the latest filtering list
  • Uses two active project as the source for filtering rules
  • This extension adds a toolbar button to your browser after installation. When it is active (default behavior), a new network observer is installed which blocks two type of resources ("Script" and "XMLHttpRequest") if the resource hostname matches with the known list of digital coin mining scripts. Since the companies behind these mining scripts are constantly updating their hostname addresses by creating new servers (to bypass adblocker extensions), "Coin Mining Blocker" add-on updates its filtering rules from two different projects.
    The badge displays the total number of blocked scripts that could potentially be used for digital coin mining. To see the actual URLs of these mining scripts hover your mouse over the toolbar button.
    The current status of blocking is displayed in the tooltip of the toolbar button. Note that this extension uninstalls its observer when the extension is not monitoring the network, and hence it uses no resource at all while the observer is disabled.
Chrome:
Coin Mining Blocker
Version: 0.1.0
Updated: December 5, 2017
Size: 63.59KiB
Here: Coin Mining Blocker
 
Last edited:

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Closing words of the article from badpackets.net:
How to find cryptojacking malware: How to find cryptojacking malware

- excerpt of this article I've posted on MT in General Security Discussions section, thread: How to find cryptojacking malware

So these closing words:

Statistics Comparison
Coinhive remains the market leader for cryptojacking malware. However, many clones it inspired are showing exponential growth rates.



The four Coinhive clones discussed were found on a total of 9,028 websites. CoinImp had the largest market share at roughly 45% while Minr had the smallest at nearly 8%. Crypto-Loot and deepMiner shared the remaining portions at nearly 23% a piece.



However when compared to Coinhive by itself, the other cryptojacking malware providers only account for a modest 18% market share. I would expect Coinhive to remain in the top spot for the foreseeable future.

Closing Remarks
Coinhive is clearly the market leader when it comes to cryptojacking malware as it’s been found on nearly 40,000 websites.

For Chrome users, I recommend using a dedicated extension, minerBlock, to block cryptojacking malware. A Firefox version of this extension is available as well.

The cryptojacking malware discussed in this post is only a portion of what’s currently found in the wild. New variants are discovered frequently, which I share frequently on Twitter. You can also browse the CoinBlockerLists, which is constantly updated by ZeroDot1, where you can find hundreds of domains tied to cryptojacking malware.

The statistics posted in this post were generated from data provided by PublicWWW on 2018-02-07. They are subject to change as PublicWWW regularly updates their index.

____________________________________

Home page of badpackets.net: Bad Packets Report
Twitter account:

Bad Packets Report
@bad_packets
 

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Don't push your luck.

I would like to remind you, that going looking for cryptocurrency mining websites could easily end up catching the more serious things like ransomwares or other bad things, so you have to be very cautious! If I go on the unknown web, I always go with above all Redirect Control and Policy Control add-ons in Firefox, as minimal defense... Don't push your luck. Don't tempt the devil, he's hungry.
Stop now.

____________________________________

Look too on another topic:
How to find cryptojacking malware
How to find cryptojacking malware
- in 'General Security Discussions' MT section...

____________________________________________________
 
Last edited:

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Creators of In-Browser Cryptocurrency Miner 'Coinhive' Say Their Reputation Couldn't Be Much Worse
Hackers are planting code on websites designed to use visitors’ computers to mine cryptocurrency. The creators of Coinhive, one of the most popular variants, say they didn’t see it coming.
motherboard.vice.com: Creators of In-Browser Cryptocurrency Miner 'Coinhive' Say Their Reputation Couldn't Be Much Worse


By Joseph Cox
Feb 13 2018, 2:30pm

Hijacking websites to mine cryptocurrency is all the rage. Over the weekend, hackers compromised a popular plugin used by thousands of websites, and tweaked it to inject code that caused visitors’ browsers to generate digital coins on the hackers’ behalf. That campaign took advantage of Coinhive, likely the most popular browser-based cryptocurrency miner at the moment, and which splits any mined cryptocurrency—in this case, Monero—with the Coinhive team.

But in an interview with Motherboard, the anonymous Coinhive developers said they didn’t quite anticipate that hackers would take advantage of their code, and acknowledged that “cryptojacking”, as the practice is sometimes called, is here to stay, at least for a while.

“We were quite overwhelmed by the extremely fast adoption,” a member of the Coinhive team told Motherboard in an email. “In hindsight, we were also quite naive in our assumptions on how the miner would be used. We thought most sites would use it openly, letting their users decide to run it for some goodies, as we did with our test implementation on pr0gramm.com before the launch. Which is not at all what happened in the first few days with Coinhive.”

The project has mined “the equivalent of a few million USD in total,” the team member said. Typically, 70 percent of that will go to the users. But Coinhive added that the recent plugin-related campaign, which also impacted US and UK government websites, only mined only 0.1 Monero, or $24—money which Coinhive says it hasn’t paid out to the attackers. Researchers have also found Coinhive embedded within a number of Android apps.

“Our strongest users have all embedded Coinhive in a meaningful way. They incentivise their users to run the miner and grant rewards for it,” the team member said.

Coinhive launched in September, and is marketed as a legitimate way for website owners to mine revenue, perhaps by replacing adverts with cryptocurrency code, or as a way to generate in-game currency for online games. Typically, in these cases, a website would be expected to clearly inform a user about the mining code. “We believe that in-browser mining could become a viable alternative to micro payments. Users pay with their CPU time and electricity in exchange for contents or services,” the team member said.

Porn sites, gambling sites, forums, and WordPress blogs all use Coinhive, they added. The team don’t specifically track domains, so if a user’s email address is not, for example, “contact@website.com,” Coinhive often don’t know where or how the service is being used, though.

To use the project’s API, users need to sign up for a Coinhive account. The Coinhive team member said they have a “strict policy” against using the service on compromised sites, and that they have banned a number of offending accounts. However, anyone could take the Javascript, mining part of Coinhive, hook it up themselves to the Monero network and run it without the need for a Coinhive account. “There are alternatives to Coinhive and the ability to self-host a server implementation, so we cannot stop all attackers,” they added.

“‘Cryptojacking’ will probably be here to stay for a while. At least until the rising difficulty in the Monero network (and others) makes it impracticable or Browser vendors somehow block CPU heavy websites,” the Coinhive team member said. They caveated that reports of malicious Coinhive use “have slowed down tremendously, as ‘hackers’ realize there's not much to gain with our service."

The wave of hackers adopting Coinhive has arguably already made the project somewhat synonymous with cybercrime.

“Just go a Google search and you’ll find all kinds of ‘How to remove Coinhive Virus’ tutorials. All Antivirus vendors have already blacklisted us,” the team member continued. “I don’t think our image could be much worse.” Coinhive thinks that anti-virus companies may have overstepped when “they report some Javascript code that is securely executed in the Browser’s sandbox as a ‘Trojan.’ It’s misleading their users and scaring them into continuously buying updates.” Instead, that job should fall to adblockers or browser-based privacy extensions, the team member added.

“Food for thought; and we only mean this half serious: embedded miners in compromised websites are usually detected way sooner than other malicious browser scripts. Website owners recognize the breach and are finally forced to update their shitty WordPress installations,” the Coinhive team member added.


______________________________________________


Don't push your luck.

I would like to remind you, that going looking for cryptocurrency mining websites could easily end up catching the more serious things like ransomwares or other bad things, so you have to be very cautious! If I go on the unknown web, I always go with above all Redirect Control and Policy Control add-ons in Firefox, as minimal defense... Don't push your luck. Don't tempt the devil, he's hungry.
Stop now.

____________________________________________
 

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Hi, new fresh Chrome extension:
BitBlock - Block web CPU miners
BitBlock - Block web CPU miners
upload_2018-2-15_22-57-20.png


upload_2018-2-15_22-56-41.jpeg

offered by adtelly71
Version: 1.1.4
Updated: February 9, 2018
Size: 1.87MiB
Related
Block coin miners using your computer's CPU without your consent.
BitBlock is a browser extension that blocks coin miner such as Coinhive.
Blocks are automatically done to save your CPU from unwanted mining as well as that as a backup measure your CPU is monitored and displayed to you so that you can also manually monitor your browser activity in case any mining url has managed to get through our blocks.
Yo are easily able to view if a miner is using your resources and are able to quickly close your tab to navigate away from such website.

- so very handy, on the yellow head icon you see CPU load! - for each Core on the pop-up too!

Truly, definitely nice, adopted. Thanks to developer!
Matthuffy/bitblock github: github.com/Matthuffy/bitblock: GitHub - Matthuffy/bitblock: Block unwanted bitcoin mining in your web browser and monitor your CPU
 
Last edited:

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
I get the feeling that my ISP is blocking miners.
- cause I don't see mining on mining websites...
.. and i'm not alone: mining is blocked by local ISP • r/EtherMining
And this topic about block of Port 80 (= HTTP traffic) by ISP possibility: How can I tell if my ISP is blocking inbound traffic on port 80??? - Ars Technica OpenForum

and: Can Bitcoin traffic (mining or transaction) be blocked by providers?
How to mine from behind a firewall with most ports shut.: How to mine from behind a firewall with most ports shut.
Mining behind a proxy and restrictive firewall (only http ports allowed) - possible?: Mining behind a proxy and restrictive firewall (only http ports allowed) - possible?
Is it possible to block BTC related traffic in a firewall?: Is it possible to block BTC related traffic in a firewall?


And you?.. what do you think about
- is it the solution to block miners by blocking Port 80 or another port or remote ports, please?
 
Last edited:

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
I've made a Big Innovation... it seems to me:

With my mining website to test windscribe.com/miner/gamvw4hc: Mine for Upgrades - Windscribe - I have today heavy CPU load (89 - 100%CPU...) on CENT.
If I double-click on the icon of my Modal Remover extension, then CPU load drops to 0 to 6%...

So, in Chrome, Modal Remover works like mining removal too, at least on my test website?... try it yourself!

Link to Modal Remover (by thomas.lutzeyer) on Chrome Web Store: Modal Remover
 
Last edited:

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Here is the continuation of previous post:
On Windscribe test webpage, after double click on "Modal Remover" icon, the stars no longer blink, twinkling-blue stars:

<div class="twinkling-blue"></div>
change after double click to
<div class="stars"></div>

- what's highlighted in Chrome DevTools after you click on "Inspect" button from right-click...if you click first on element below the "Compare Windscribe With Others" inscription.

- that's why CPU load drops...
 
  • Like
Reactions: AtlBo and tonibalas

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Cryptojacking Test
Check if your browser is affected by cryptojacking!
- on cryptojackingtest.com/: Cryptojacking Test

I have: "You're protected".

"Phew! To always stay protected, download Opera browser and turn on the built-in ad blocker with cryptocurrency mining protection."

-------------------------------------------------------------

To detect BitCoin miner virus:
Search for Registry entries such as ActiveScriptEventConsumer, EventFilter, IntervalTimerInstruction, AbsoluteTimerInstruction, and FilterToConsumerBinding
- it's from this topic:
How to Detect and Remove the BitCoin Miner Virus: on antivirus.comodo.com/blog/: How to Detect and Remove the BitCoin Miner Virus

-----------------------------------------------------------

but but...
"Some miners secretly open pop-under windows so that even when you exit the host website, the script can still run in the background until you properly exit the browser. If you close all your browser windows and still see it as an active process with high CPU usage, there may be an open window hiding behind the taskbar, running the mining script."
- it's from here:
How to tell if your PC is being used to mine cryptocurrency: on trymodern.com: How to tell if your PC is being used to mine cryptocurrency

So beware:mining-ban-300x216.png

------------------------------------------------------------

  1. Bad Packets Report‏ @bad_packets 20h20 hours ago
    I've notified the @latimes about the #cryptojacking malware and advised them to remove it ASAP. Thanks to #PRTG we'll be notified as soon as they remove it.
Bad Packets Report‏ @bad_packets
#Coinhive has just been removed from @latimes "The Homicide Report" website.
4:45 PM - 21 Feb 2018

On Twitter: Bad Packets Report on Twitter
 
Last edited:

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
MINEBLOCK extension is very good!
It's on Chrome Web Store: MINEBLOCK - Block web miners & crypto scripts

I see, that it inject the blocking script on all open tabs in the browser (my CENT), this script (I see if click on Inspect button to go on DevTools/Elements, then click "copy element"):
<script type="text/javascript" src="chrome-extension://d................../js/minerkill.js"></script>

So I'm feel safe with MINEBLOCK...and you:geek:have you MINEBLOCK already?
... and BitBlock too

----------------------------------------------------------

This same work of minerkill.js make on Firefox (my Nightly) the minerBlock add-on (that we have too on Chrome extension) of xd4rker developer...
Home page of MinerBlock: Porter.io
... and link on Firefox add-ons: minerBlock – Add-ons for Firefox

...
 
Last edited:

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
MINEBLOCK extension is very good!
It's on Chrome Web Store: MINEBLOCK - Block web miners & crypto scripts

I see, that it inject the blocking script on all open tabs in the browser (my CENT), this script (I see if click on Inspect button to go on DevTools/Elements, then click "copy element"):
<script type="text/javascript" src="chrome-extension://djmdhfdmhmepphihklmfpigihomjkanf/js/minerkill.js"></script>

So I'm feel safe with MINEBLOCK...and you:geek:have you MINEBLOCK already?
... and BitBlock too
I found 1 website that mineblock fails to protect. Even NoCoin, BitBlock, norton can't protect. Virtually all extensions fail to block
only the 2 lists I shared from a previous post can block it

basically all the extensions you share have similar blocklist, just some extra features and craps, sorry. They copy and paste each others. I entered their github and viewed their source code. They have quite a short blocklist

everyone should stick to ublock origin + the 2 lists I posted. They are better than all these extensions combined

I have more links with more mining hosts that many well-known extensions fail to block. I collected them for testing purpose
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top