Block Browser Coin Miners

Status
Not open for further replies.

Trooper

Level 17
Verified
Top Poster
Well-known
Aug 28, 2015
801
so something already blocked it. check your adblocker
all these are blocked by NoCoin Filter List and coinblockerlist

EDIT: I found that all of them are blocked by EasyPrivacy

easyprivacy can also protect you from coinming better than those extensions
try to temporarily disable your adblocker and test it against your extensions. You will drop all your extensions

so far, nothing can pass through my adblocker

So all we need is EasyPrivacy to be protected?
 
  • Like
Reactions: JB007 and AtlBo

DavidLMO

Level 4
Verified
Dec 25, 2017
158
One of the problem of Hosts based lists identified in article:

http://blog.netlab.360.com/who-is-stealing-my-power-iii-an-adnetwork-company-case-study-en/

"to avoid being blocked, this ad network provider uses dga domains to host its advertisements. As these DGA.popad domain names are not fixed and changed daily, blocking them become more difficult."

And from the Bleeping article cited above:

"The DGA is extremely efficient in this case because by the time ad blockers detect the new domains from which ads are servers, the ad network DGA generates new domains to use. This means the ad network has a fresh supply of domains, not yet blacklisted on ad blocker lists."
 

Trooper

Level 17
Verified
Top Poster
Well-known
Aug 28, 2015
801
Confirmed, without EasyPrivacy and NoCoin Filters (I had to disable it) AdGuard doesnt block 2 of the 3 links above.

Edit: I reported to AdGuard, they usually "fix" these kind of things very quickly.

Yeah I find AdGuard does not block a lot of what it should. That is why I use Nano Adblocker. Do you have a link to the NoCoin Filter list? I think I found it bu when I tried adding it did not stick for some reason.
 
  • Like
Reactions: JB007 and AtlBo

DavidLMO

Level 4
Verified
Dec 25, 2017
158
If a person does not use cryptocurrency is there anything to worry about? I don't use any that I know of.

Has nothing to do with your use of cryptocurrency. Nothing. They are using YOUR resources to mine for themselves - not you.

(Of course unless you are intentionally mining which you can do with your own copy of Maxthon browser. :) If you use that, it does not eat your CPU alive. Also you must jump thru tons of hoops to get it set up. I am testing it for chuckles.)
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
So all we need is EasyPrivacy to be protected?
not really, but it's surely a good addition
if you use 2 filters from #92, you don't need easyprivacy to against miners. These filters are only for miners and they are updated frequently like signatures for AVs. Easyprivacy can protect against many more things such as trackers. Some users don't like easyprivacy because it may break something
Block Browser Coin Miners
 

Trooper

Level 17
Verified
Top Poster
Well-known
Aug 28, 2015
801
not really, but it's surely a good addition
if you use 2 filters from #92, you don't need easyprivacy to against miners. These filters are only for miners and they are updated frequently like signatures for AVs. Easyprivacy can protect against many more things such as trackers. Some users don't like easyprivacy because it may break something
Block Browser Coin Miners

Thanks. Strange enough, I am not able to add the second filter list to Nano.
 
  • Like
Reactions: JB007 and AtlBo

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Yeah I find AdGuard does not block a lot of what it should. That is why I use Nano Adblocker. Do you have a link to the NoCoin Filter list? I think I found it bu when I tried adding it did not stick for some reason.

Hi Trooper, I use AdGuard for Windows, so I can add new lists from the filter configuration tab.

Example:

Screenshot
Screenshot

You can add manually the list using this link:
https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/nocoin.txt
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I see I have an easyprivacy filter in ublock o for edge. is there a way to add the nocoin filter to ublock?

thanks

edit: here is something I found for ublock. I do I add this as a filter?
adblock-nocoin-list/nocoin-ublock.txt at master · hoshsadiq/adblock-nocoin-list · GitHub
do not add that filter because these 2 already include that one

open ublock origin settings -> paste these 2 filters to the box below and click Apply changes. Not sure about ublock for edge
1.PNG
https://raw.githubusercontent.com/ZeroDot1/CoinBlockerLists/master/list.txt
https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/nocoin.txt
 

Trooper

Level 17
Verified
Top Poster
Well-known
Aug 28, 2015
801

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
good reads for everyone about cryptojacking (that anyone can understand):)

Bad Packets Report Retweeted
Sara Kubik, PhD‏ @SaraKubik 11h11 hours ago
Lawyers, I wrote this blog post for you: A plain language post about #cryptojacking that anyone can understand. https://wp.me/p6crog-4m With shoutouts to @bad_packets and @Scott_Helme

---------------------------------------------------------

So:
A plain language post about cryptojacking (that anyone can understand)
sarakubikphd.com: A plain language post about cryptojacking (that anyone can understand) - Sara Kubik, PhD
POSTED ON MARCH 11, 2018 BY SARA KUBIK


Current technology trends and buzzwords include bitcoin, blockchain, artificial intelligence, etc. It can be overwhelming to keep up; one can be intimidated by the tech lingo. I’ve written about tech before and try to explain it in a way that is simple and understandable.

One article I wrote in this plain-language style was about fog computing.

I like to teach lawyers about technology, especially technology that is new and relatively unknown to the masses. So with this in mind, here is what lawyers should know about cryptojacking…

What is cryptojacking?
Think of it as hijacking your computer. To understand cryptojacking in a comparative way, think about when your car is running and you’re parked in neutral. Your engine is running but you’re not revving it.

You wouldn’t rev the engine while in neutral because it doesn’t make sense. You’re in neutral.

Now imagine that a person wearing a ski mask comes along, jumps into your car and and stomps on your gas pedal (I know this is weird …just hang with me for a bit). The act of pushing down on the gas pedal revs your car’s engine. Additionally, you don’t know who that someone is and you have not consented to this action.

Now move this to your computer. You are web surfing and your computer is operating as it normally does. Upon visiting a particular website, your computer’s hard drive suddenly maxes out at 100% capacity. You don’t know why your computer maxed out. And although you may hear your computer whirling and grinding, you may not be aware that the excess computing power of your computer is being used without your permission. That, my friends, is cryptojacking.

Your computer is being used to mine a cryptocurrency for an unknown person who is going to make real money off of this transaction.

When is cryptojacking done?
Whenever a person goes to a webpage that has the cryptojacking code on it. This code is normally in the form of a JavaScript (js) file, which is an extremely common web file. JavaScript is everywhere online, and is considered one of the three languages that all web developers must learn. So we can’t get rid of JavaScript. And although web developers can include these files on their own websites, other people can attack the website and maliciously insert code into the webpage to active a cryptojacking. The original site’s owners may be unaware that this has happened!

In that case, you don’t know who is cryptojacking your computer and neither does the website’s owner!

Why is cryptojacking happening?
To make money for whoever has hijacked your computer. The money is made by mining digital cryptocurrencies at your expense. And you pay for it by increased electricity bills as well as using (without your consent) your computer’s hard drive. Hard drives are mechanical and wear out over time. Again, think back to revving your car engine. A little rev may not hurt the car considerably but extended use of the engine may cause it to be overheated. This is the same for cryptojacked websites… the longer you are on them, the more money the hijacker is making and the hotter your computer, and even your phone, gets.

As cybersecurity expert Scott Hemle explains, when your computer is being cryptojacked, you are inadvertently financing a criminal gang.

We are seeing a surge in cryptojacked websites for many reasons. The cryptocurrency that is most commonly being mined is called Monero, and it is hard to detect who is behind the cryptojacking when this type of currency is being mined. Simply put, it is hard to find the bad guys.

Who is installing the cryptojacking code on a website?
Who knows! As explained above, it is hard to find the attackers in this scheme. The important thing to remember is that the malicious code can be installed without the website owner’s knowledge. So you can’t blame the owner of the website. Shift of liability?

How do you know if a website has cryptojacking on it? I’ll give a step-by-step but it is only for people using a PC that has Windows and Chrome as their browser.

1. Open up your task manager by doing any one of the following:
a. Right-click the Taskbar and click on Task Manager or
b. Open Start, do a search for Task Manager and click the result or
c. Use the Ctrl + Shift + Esc keyboard shortcut or
d. Use the Ctrl + Alt + Del keyboard shortcut and click on Task Manager

2. Click on the Performance tab and note the CPU percentages. Probably less than 100%. Also, notice how the chart to the right is probably jumping up and down but not at constant 100% utilization.

3. Find a webpage that has been cryptojacked. To date thousands of websites have had the JavaScript code in them that cryptojacks a computer. One long-standing example can be seen on http://www.ronpaul.com
...

Look for a continuous 100% CPU reading. Your computer is being cryptojacked.

4. When you are on that cryptojacked site,
a. Take a look at your Task Manager and see that the CPU % is peaked, and may be constantly at 100% (look at the chart to easily see this) = JACKED!!!

How (2) do you protect yourself from having your computer by cryptojacked?
1. Install browser extensions to stop the execution of the code. Some popular ones are
a. No Coin
b. minerBlock
c. ublock
d. Adblock Plus

To find these extensions, just do a Google search for them.

How(3) do you remove the malicious cryptomining code from your website?
1. First find the person who has control over your website. If you’re a solo or small, that may be you (congrats on more non-billable-hour work). If you’re lucky enough to have an in-house IT person, call them, thank them, buy them a coffee and nicely ask them if they know about cryptojacking. If they do not, don’t insult them. Cryptojacking is a new thing and not yet widely known. Show them this blog and politely say, “I think our firm’s website may have been cryptojacked.”

2. Then read this page on what to do. Simply put, you need to remove the JS file that is probably called “coinhive.min.js”.

Some additional things lawyers need to consider:
1. All kinds of “computers” can be cryptojacked. Not just your desktop or laptop, but also you smart phone! And yes it affects Macs and PCs.

2. Can you opt-out of being cryptojacked? Short answer- no. You’re probably unaware that either your site has been affected or your computer has been hijacked.

3. Is bitcoin mining the same thing as cryptojacking? No. Words matter here. Bitcoin mining involves using computers to mine digital currency but it is not operating in an unknown way. Cryptojacking is like a trespass to chattel. It’s not on the up-and-up. It also probably violates the Computer Fraud and Abuse Act (CFAA), as pointed about by attorney Vince Polley.


Cryptojacking likely violates the Computer Fraud and Abuse Act.

4. To date, there are over 100 law firms that are running JavaScript files that cryptojack the computers of people who visit their site. How do I know this? I went to Search Engine for Source Code - PublicWWW.com and searched by “coinhive.min.js” “law firm”

5. Other than understanding that YOUR firm’s website may cryptojack visitors (also known as potential clients), people who have been cryptojacked may want to file suit. It will be hard to find the attackers, prove damages, and where the claim falls (trespass to chattels, neglience?), but for those lawyers focusing on cybersecurity, be aware that cryptojacking will increase.

If you want to learn more, here are some resources:

1. A good video explaining cryptocurrencies

2. A video of an interview with Scott Helme about the government sites that were cryptojacking visitors this year

3. For the technical bits, look at Troy Mursch’s work with cryptojacking here and follow him on Twitter @bad_packets.

Good luck, and contact me if you have any questions sarakubikphd@gmail.com, or on Twitter @sarakubik. And if I e-mail your firm and tell you your website’s been cryptojacked, please look into this. So far, I’ve contacted two law firms and neither has fixed the problem. Their site still cryptojacks you when you visit them. Not good!

---------------------------------------------------

Here you have this ronpaul.com website to test (I have 0%CPU): http://www.ronpaul.com/

--------------------------------------------------

And these two good reads for everyone from thewindowsclub.com:
Block websites from using your CPU to mine Cryptocurrency
...and:
Anti-WebMiner for Windows will stop Cryptojacking Mining Scripts

------------------------------------------------
... at your bookmarks:
Scott Helme twitter: Scott Helme (@Scott_Helme) | Twitter

Lukas Stefanko twitter: Lukas Stefanko (@LukasStefanko) | Twitter
 
Last edited:

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
I wish they wouldn't always equate Criminals with Jacking. There are far too many websites (not criminals) that knowingly code in jackers in lieu of other forms of Ad revenue.

Also note that there are a number of ways cryptojacking can work. Some browsers are natively immune to some of them, whereas some browsers will fail for all.
 

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Protecting Against Cryptojacking: What Can You Do?
Protecting Against Cryptojacking: What Can You Do?

...
"
Practice and Enforce Good Digital Hygiene Practices
Installing a solid anti-virus and endpoint security solution is only the first step; it’s meaningless if you don’t take some cybersecurity initiative on yourself. Digital hygiene best practices include:

  • Installing an ad blocker on your network
  • Disabling JavaScript
  • Installing specialized anti-cryptojacking browser extensions
  • Reviewing third-party software before installing it
  • Removing unnecessary services
  • Practicing spearphishing prevention strategies
Additionally, keep an eye on your website security..."
 

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Look at this, performance profiling - new idea maybe:

"MinerOff is not signature based nor does it monitor network communications. Instead, MinerOff measures and profiles browser resources for telltale signs of crypto-mining. With tuneable sensitivity settings, MinerOff can detect unusual resource usage and alert when identified. Besides crypto-mining detection, MinerOff's performance profiling can also help detect and terminate long running scripts that have become unresponsive."

- from here: Heilig Defense MinerOff
 

JB007

Level 26
Verified
Top Poster
Well-known
May 19, 2016
1,581
Look at this, performance profiling - new idea maybe:

"MinerOff is not signature based nor does it monitor network communications. Instead, MinerOff measures and profiles browser resources for telltale signs of crypto-mining. With tuneable sensitivity settings, MinerOff can detect unusual resource usage and alert when identified. Besides crypto-mining detection, MinerOff's performance profiling can also help detect and terminate long running scripts that have become unresponsive."

- from here: Heilig Defense MinerOff
Hello @Prorootect , HDMinerOff seems very interesting but have a great CPU use:unsure: , up to 8%.
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top