The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Ever since mid-September, when Coinhive launched and the whole cryptojacking frenzy started, the Internet has gone crazy with in-browser cryptocurrency miners, and new sites that offer similar services are popping up on a weekly basis.

While one might argue that mining Monero in a site's background is an acceptable alternative to viewing intrusive ads, almost none of these services that have recently appeared provide a way to let users know what's happening, let alone a way to stop mining behavior.

In other words, most are behaving like malware, intruding on users' computers and using resources without permission.
Click to expand...

Coinhive clones everywhere!
We've already covered Coinhive's impact on the malware scene and its quick adoption by malware authors in a separate report. Since then, we also reported on Crypto-Loot, the first Coinhive clone to pop up online.

Since our last reports on Coinhive and Crypto-Loot, respectively, the in-browser cryptocurrency mining market has become incredibly crowded.

Bleeping Computer spotted two new services named MineMyTraffic and JSEcoin, while security researcher Troy Mursch also spotted Coin Have and PPoi, a Coinhive clone for Chinese users.
..
.....
..
On top of this, just last night, Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios.
Click to expand...

Coinhive takes steps into the right direction
Most of the newly spotted Coinhive clones are exactly what you think they are. These are sites that provide a Monero miner specifically built for stealth mining, most likely created and ran for malicious purposes.

Of all the sites we have inspected, only the original Coinhive seems to be interested in being a valid alternative to classic ads. Recently, the service launched a UI widget that lets users start or stop the mining process.

Coinhive-UI-demo.png


The service took another step in the right direction this week on Monday, when Coinhive launched AuthedMine, a service similar to the original Coinhive service, but which won't start until the user clicks an opt-in.


Coinhive launched AuthedMine after criticism from the media, the public, and after ad blockers and antivirus vendors blocked its main domain because of the repeated abuse.
Click to expand...
 
  • Like
Reactions: upnorth, Der.Reisende, insanity and 15 others
D

Deleted member 65228

It was always bound to happen; miners being distributed in software-form were starting to get much more popular also. Now there are web-based in-browser miners, attackers will move to this as the chances of it providing successful results maybe higher than when in software form.

Thankfully, there are script blockers which can prevent crypto-currency mining when we are browsing online. More importantly though, we need to make sure we understand what websites we are viewing and to only view trusted and reputable websites to prevent running into anything harmful or unwanted in the first place if possible.

Some services (e.g. there was one VPN provider which does this now) actually allow crypto-currency mining as a form of payment to use services now. I am not sure how many people were in favour of such a thing though...

Crypto-currency mining may be attempted to be used as an alternate to advertisements, but then it will just be blocked like how ad-blockers were released to stop advertisements. And the chances are, it'll be easier for us to block crypto-currency miners than not. When I use an ad-blocker, I don't think I ever really run into advertisements at all.
 
  • Like
Reactions: kev216, Der.Reisende, vemn and 13 others
grumpy_joe

grumpy_joe

Level 1
Verified
Oct 18, 2017
38
Opcode said:
understand what websites we are viewing and to only view trusted and reputable websites to prevent running into anything harmful or unwanted
Click to expand...
Strongly agree with that statement.
Here is a trusted No Script addon for fireofx which will stop those crypto-currency mining. Keep in mind most of the websites will look broken if you use such extension. :(
NoScript Security Suite
 
  • Like
Reactions: vemn, shukla44, HarborFront and 5 others
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
For anyone using AdGuard, you're already opt-in (although I'm not sure which miners this applies to besides Coinhive).
4M296cZ.png


My issue isn't with the mining itself but the fact you can't tell if the website is using one of said miners to generate revenue in place of ads (which I have little problem with as it doesn't infringe on my privacy and can't serve up an exploit kit or malware) or if the website has been compromised and the miner's been inserted to funnel money to blackhats.
 
Last edited:
  • Like
Reactions: upnorth, Der.Reisende, Sunshine-boy and 12 others
D

Deleted member 65228

BryanB said:
Thanks for the heads up on this and I'll admit I'm a little thick but even after reading the article in the link at the top I don't see what it is their mining.
Click to expand...
Crypto-currency. :) Such as Bitcoin, Ethereum, SiaCoin (BTC, ETH, SC).

Crypto-currency are basically currencies which are not "legally used" in real-life but are digital-based. By "legally" I don't mean they are illegal, anyone can use crypto-currency currencies... But the fact is that they are often used for online criminal activity online, via the dark-web for instance. This is because they may be more "anonymous" than using normal currencies via services like PayPal, but that doesn't mean they are full-proof because 100% anonymity/privacy doesn't exist.

Crypto-currency can be exchanged for normal currencies (e.g. BTC to PayPal or Bank Transfer exchanges) on other market-places or with individuals, and then the received money from the exchanged would be usable in the real-world (normal sites like Amazon, in shops via your credit card after the bank transfer, etc.).

Crypto-currency is popular with "trading" as well. For instance, a coin is being sold cheap so you buy a large majority and then if the price increases you sell them and make a profit. People have actually profitted in the hundreds of thousands or millions due to this but it is rare for this to happen to the average person with such a large amount of profit. Completely legal to do this though (there isn't even an age restriction as they aren't seen as "legal currencies" for usage in the real world AFAIK).

Mining crypo-currency is basically generating money through using your system resources.

If you get yourself an ad-blocker like Adguard they are already cracking down on in-browser miners so you'll be safer against them. Signs of mining occurring in-browser could be factors such as high CPU usage from your browser, even while the web-page doesn't seem very demanding at all (I'd imagine at least).
 
  • Like
Reactions: upnorth, Sunshine-boy, vemn and 12 others
D

Deleted member 65228

BryanB said:
Bastardso_OCan you elaborate on this.
Click to expand...
I am not knowledgeable in-depth on crypto-currency mining, I am just starting to research it further. However, the way it works is operations will be performed using your system resources and as a result the people responsible for the mining make money in crypto-currency form. In a situation like you having an active miner either in software or web-form, the owners of it would be making the money while using your system resources... :/

If your resources are used up a lot and for a very long duration, it can also reduce life time of used components. Maybe it is unrealistic to say that systems are damaged in a normal situation but it would be like running an AV scan 24/7 which never stops and keeps in a loop to re-scan recursively, eventually the hardware components will die off due to being overused so much without break.

Active crypto-currency mining will slow you down though I'd imagine since your resources will be used up for other things, leaving less available for things you need to do yourself on your own computer.

It is not uncommon for people to buy good hardware components in bulk for custom builds for use with mining, but there is usually specific hardware designed for mining. I remember recently a lot of GPUs were out of stock because of people wanting to mine a new currency type which there was no specific hardware designed for it, or something alike that.
 
  • Like
Reactions: HarborFront, upnorth, Sunshine-boy and 13 others
LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Opcode said:
I am not knowledgeable in-depth on crypto-currency mining, I am just starting to research it further. However, the way it works is operations will be performed using your system resources and as a result the people responsible for the mining make money in crypto-currency form. In a situation like you having an active miner either in software or web-form, the owners of it would be making the money while using your system resources... :/

If your resources are used up a lot and for a very long duration, it can also reduce life time of used components. Maybe it is unrealistic to say that systems are damaged in a normal situation but it would be like running an AV scan 24/7 which never stops and keeps in a loop to re-scan recursively, eventually the hardware components will die off due to being overused so much without break.
Click to expand...

... yeah... ...thats right.... ...now there is a risk that visiting sites on the web could cause serious damages to your local hardware (e.g. overheating) .... :mad:
 
  • Like
Reactions: upnorth, Der.Reisende, vemn and 10 others
Weebarra

Weebarra

Level 17
Verified
Top Poster
Well-known
Apr 5, 2017
836
What a brilliant explanation @Opcode, thank you. I had obviously read about mining on here but didn't really understand it (surprise, surprise) but today i have actually learnt something, woo hoo, get me (y) P.S. - I have "no coin" extension to help protect me in some way.
 
  • Like
Reactions: upnorth, Sunshine-boy, vemn and 10 others
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
For those of us that use AdGuard, Boo-Berry over that the AdGuard site has the following added to his "User Rules"

To block Coin Hive:
In addition, I also have these CoinHive rules in my user filter to fully block it.

Code:
||coin-hive.com/lib/coinhive.min.js^$script,empty
||coin-hive.com/lib/cryptonight.wasm
If you want to completely block the CoinHive domain, use this rule (keep in mind you won't be able to visit coin-hive.com with this rule!):

Code:
||coin-hive.com^$empty
Using this last rule is a bit extreme, but it does work.
Quoted from ( Source): Coinhive & similar blocking

** Here you can get a hold of the "Nocoin" list, as well as some other lists you may have not known about or had access to: FilterLists
I added 2 and all I did was click on "Add" and AdGuard did the rest.
Hope this helps. PeAcE
 
Last edited:
  • Like
Reactions: upnorth, Der.Reisende, Sunshine-boy and 9 others
D

Deleted member 65228

shukla44 said:
Yeah, this is the new future, not ads, not malvertizing, but this.... Mining.
Click to expand...
If it allows them to make money then they will do it. Mining has a reduced risk on punishment as well compared to malvertising I'd imagine, which will probably encourage people to do it more than things like that.

Don't worry about it IMO. We will tackle mining just as good as we do when it comes to advertisements/malicious advertisements and pop-ups soon. If you see the post by @_CyberGhosT_ above ( The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day ) we can see that Adguard is very useful right now too :)

They aren't going to win without a fight... make them cry and wish they never wasted their time trying to be successful with it!!
 
  • Like
Reactions: Der.Reisende, shukla44, XhenEd and 8 others
R

Robnobreaks

New Member
Nov 25, 2017
1
SO I just re install OS sierra .... lol got backups on usb/ prob infected . got the cryptonight tri .. in avast picks it up only in log var/db/uuidtext/7b/bc...64
malwarebytes does not pick up on it. once I reboot it finds it in the var/db//// folder under same file name..... was a miner for mac that got me.
 
  • Like
Reactions: LASER_oneXM and upnorth
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Wow
    • HaHa
    • +Reputation
A.I. News Apple will not launch its Apple Intelligence and other iOS 18 updates in the EU this year
Replies
2
Views
593
Technology News
Marko :)
Marko :)
Gandalf_The_Grey
    • Like
    • Applause
30 years ago this month, the Mosaic web browser officially launched and changed the world
Replies
4
Views
948
News Archive
simmerskool
simmerskool
Gandalf_The_Grey
    • Applause
    • Like
    • Thanks
New Update iPadOS 18 to Enable Alternative App Stores and Browser Engines in the EU
Replies
0
Views
221
macOS, iOS & iPadOS
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top