Block Browser Coin Miners

Status
Not open for further replies.

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
this is the gif demonstration, sorry for the low quality and fast speed. I don't know how to make a good gif
MRDDyQB.gif
 

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
if you cant find any miner, it doesn't mean they don't have any miner
use your adblocker, block everything except losital.ru and mebablo.com, you will see your CPU screaming. block them, the CPU stops working
I took losital and mebablo from nocoin blocklist and tried to find websites using these scripts. They are definitely coinminers, trust me

even Who is mining? the first link - drama-cool who uses losital script is not mining but in fact, yes
Who is mining, says "Could not resolve" for your two latest links
 
Last edited:
  • Like
Reactions: AtlBo

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Who is mining, says "Could not resolve" for your two latest links
because themselves cannot be access by browser
the websites are for storing scripts, not for visiting. That's why when you type mebablo.com or losital.ru, you won't be able to access
please check the gif on post #81
as soon as I allowed losital (green), the CPU went up to 40%
default, it was blocked by ublock origin
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
this is the gif demonstration, sorry for the low quality and fast speed. I don't know how to make a good gif
MRDDyQB.gif

Yes, there is this Coin Miner script by losital.ru on that website (never heard before)

68747470733a2f2f7265706f7274732d696d672e616467756172642e636f6d2f3870373368516f2e6a7067


Everyday I find a website that is mining without user authorization, I wonder how dangerous it is for mobile users.
 

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
With this gif I have
because themselves cannot be access by browser
the websites are for storing scripts, not for visiting. That's why when you type mebablo.com or losital.ru, you won't be able to access
please check the gif on post #81
as soon as I allowed losital (green), the CPU went up to 40%
default, it was blocked by ublock origin
15 to 17, sometimes 20 or rarely40% CPU load on core 0 of my CPU... . Not 40%...
 
  • Like
Reactions: AtlBo

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
I had problems with posting my previous post...sorry!
Yes, 20 to 40% CPU avec your .gif full-size version, on Nightly.

On Chrome: pics to 100% CPU...100% CPU!

But I don't see miner... where you see miner in DevTools of Firefox, or Chrome?..

where is miner where

Good Night to everyone!
 
Last edited:

MeltdownEnemy

Level 7
Verified
Well-known
Jan 25, 2018
300
the majority antivirus it should take into consideration to include as something relevant the updated zero miners blacklists on its webfilter as if it were an behavior exploit, "a bloodsucker cocktail attack". I am witness that my antivirus give discharge and it underestimated several pages, (torrents hosting, forum & bloggers) but I alway using s as well like evil'sRains Jsscript blockers, my favourite is umatrix with colored tiny-cubes to test into disabling script on visited links.most intrusive attackers taking advantage from the 95 percent naive people, noone distrained is aware, just notice the symptoms, besides saids scripts moult off squama & refuge, and repeat again-again the story, elusives like kui kui. Any website script who is using the main resources should be treated as a very aggressive and offensive mother insult, the adblocker filter shouldbe secondary in case the flies come. as well it is essential to have included proper lists by default totally updated.

Thank you GUYS for share www.whoismining.com, GIF and all links, specially @Prorootect &
@Evjl's Rain for effort.
 
Last edited:

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
MOTTO of MeltdownEnemy: Any website script who is using the main resources should be treated as a very aggressive and offensive

That's why we have the new approach for security tools: the new security tool is born: it's our old Core Temp and other software to monitor the temperature and CPU load, Process Hacker etc... these are security tools of the 21st century, times are really hard for us.
New security approach: monitor temperature and load of CPU.

and don't forget to prick up ears
 

MeltdownEnemy

Level 7
Verified
Well-known
Jan 25, 2018
300
MOTTO of MeltdownEnemy: Any website script who is using the main resources should be treated as a very aggressive and offensive

That's why we have the new approach for security tools: the new security tool is born: it's our old Core Temp and other software to monitor the temperature and CPU load, Process Hacker etc... these are security tools of the 21st century, times are really hard for us.
New security approach: monitor temperature and load of CPU.

and don't forget to prick up ears

ThankYou @Prorootech for effort, very aprecciated tips, i dont think undestand you very well the last phrase, prick up ears
On the others hand, Give me your opinion about this:

Ad Network Uses DGA Algorithm to Bypass Ad Blockers and Deploy In-Browser Miners

in that website they saying that the adblockers and others apps are being violated by undetectable trojan generic who it's generating remote malicious links for send ads and coinhiver toward protected pcs with adblockers, advertising that previously was impossible to introduce in those pcs, like ours.
The report was created by the Qihoo 360 Netlab team.
 

MeltdownEnemy

Level 7
Verified
Well-known
Jan 25, 2018
300
  • Like
Reactions: JB007 and AtlBo

MeltdownEnemy

Level 7
Verified
Well-known
Jan 25, 2018
300
@MeltdownEnemy
prick up ears
- to listen to your fan, that is...

don't click on ads, personally I don't see ads.
Don't have miner in my browsers. - try CryptojackingTest.com: Cryptojacking Test - look on Post #56
- and don't go to "sites that offer free download or adult content"... - I don't do this.

I will take the best precautions, not goin to back on websites with download programs, adults contents, nor click on ads, despite of dripped ads that ublockorigin can't block, Sometimes ads doesn't exist because are invisible popups or hidden div elements on Websites with webplayers for movies & sports match at live, I can't give myself the luxury to pay for a dedicated service. but I will try to follow your advice to the letter. Thanks Prorootect.
 

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
I will take the best precautions, not goin to back on websites with download programs, adults contents, nor click on ads, despite of dripped ads that ublockorigin can't block, Sometimes ads doesn't exist because are invisible popups or hidden div elements on Websites with webplayers for movies & sports match at live, I can't give myself the luxury to pay for a dedicated service. but I will try to follow your advice to the letter. Thanks Prorootect.
Yeah, don't try, but follow.;)
Use Privacy Defense , IDN Safe, Redirect Control, Behind The Overlay, and on Chrome only: Alert Control why not - but new Chrome versions are unharmed at this kind of modal alert windows...maybe
cryptojacking test: Cryptojacking Test
 
  • Like
Reactions: JB007 and AtlBo

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
My thanks to the OP for this topic!!! I noticed that one important thing has been missing from this conversation, which will be the topic of a video (March 16th or so). You'll love it...
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top