Malvertising Campaign Mines Cryptocurrency Right in Your Browser

General discussion area and chat

Moderator: satrow

Forum rules
This General Discussions forum is an open chat area, so you can talk about almost any subject. Please keep things civil, though!

Please do try to somewhat stick to the relevance of this forum, which focuses on everything around the Pale Moon project and its user community. "Totally random" subjects don't really belong here, even in the general discussion area.
User avatar
Thehandyman1957
Board Warrior
Board Warrior
Posts: 1441
Joined: Tue, 19 May 2015, 02:26
Location: Arizona U.S.

Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby Thehandyman1957 » Fri, 15 Sep 2017, 21:34

Thought this was interesting.

Malvertising Campaign Mines Cryptocurrency Right in Your Browser
https://www.bleepingcomputer.com/news/s ... r-browser/
"Watch your thoughts; they become words. Watch your words; they become actions. Watch your actions; they become habits. Watch your habits; they become your character. Watch your character; it becomes your destiny."

User avatar
helloimustbegoing
Board Warrior
Board Warrior
Posts: 1787
Joined: Thu, 28 Jun 2012, 01:20

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby helloimustbegoing » Fri, 15 Sep 2017, 22:50

It runs via scripts. Another good reason to use NoScript.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 21188
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby Moonchild » Sat, 16 Sep 2017, 00:27

Off-topic:
Although I understand some of you love NoScript for what it does, I'm getting really tired of hearing the same'ol every... single... time... there is a mention of potential abuse (and sometimes legitimate use) of scripting for tasks. It's not a magic wand, and you may or may not like it but the reality is that JavaScript is an essential and integral part of the modern web. It's not optional, and NoScript can and will break many sites.

So stop scratching that itch, please. It's exhausting to see it over and over.


Now to get back on-topic for this thread, I'm pretty sure that anyone would notice their CPU going full-bore because of JS-based cryptocurrency mining. On top of that, there is the issue that CPU mining of cryptocurrency is not going to be in any way bringing in more than very small amounts; I doubt that it would even pay for the advertising costs. Not in a world where we have GPU mining and ASICs.
Then there's the issue that malvertising can and will be stopped by ad networks when brought to light, because they have to -- such intrusive actions are equal to computer hacking (the bad kind), especially if no permission was granted and no action was taken by the user.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"The wisest men follow their own direction." - Euripedes

User avatar
Thehandyman1957
Board Warrior
Board Warrior
Posts: 1441
Joined: Tue, 19 May 2015, 02:26
Location: Arizona U.S.

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby Thehandyman1957 » Sat, 16 Sep 2017, 01:31

Moonchild wrote:It's not optional, and NoScript can and will break many sites.

Off-topic:
Yup, I finally got so sick and tired of trying to figure out what script was being blocked, causing web page

dysfunction that I just un-installed it. I don't miss it at all.


I'm pretty sure that anyone would notice their CPU going full-bore because of JS-based cryptocurrency mining.


I was thinking the same thing, I mean, how would you be able to play the game on the site if it was hogging all you CPU?
"Watch your thoughts; they become words. Watch your words; they become actions. Watch your actions; they become habits. Watch your habits; they become your character. Watch your character; it becomes your destiny."

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby John connor » Sat, 16 Sep 2017, 06:28

I remember reading some time ago that uTorrent had a miner in their client.

coffeebreak
Board Warrior
Board Warrior
Posts: 1211
Joined: Sat, 26 Sep 2015, 04:51
Location: U.S.

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby coffeebreak » Sat, 16 Sep 2017, 07:41

John connor wrote:I remember reading some time ago that uTorrent had a miner in their client.

Yes, I read about it here - uTorrent bundles Bitcoin Miner, time for some alternatives

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby John connor » Sat, 16 Sep 2017, 09:45

I like how uTorrent's response is a flat out lie.

User avatar
Tomaso
Keeps coming back
Keeps coming back
Posts: 810
Joined: Thu, 23 Jul 2015, 16:09
Location: Norway

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby Tomaso » Sat, 16 Sep 2017, 22:56

Sounds like it might be a good time to try and get PM's old XSS filter up and working again.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 21188
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby Moonchild » Sun, 17 Sep 2017, 01:14

Tomaso wrote:Sounds like it might be a good time to try and get PM's old XSS filter up and working again.

That won't help with this. the malvertising campaign isn't XSS.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"The wisest men follow their own direction." - Euripedes

dark_moon

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby dark_moon » Wed, 20 Sep 2017, 19:18

Tomaso wrote:Sounds like it might be a good time to try and get PM's old XSS filter up and working again.

If you got it working, that would be awesome!

User avatar
hujan86
Moonbather
Moonbather
Posts: 52
Joined: Wed, 27 Sep 2017, 06:50

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby hujan86 » Wed, 27 Sep 2017, 07:21

UBlock Origin is able to block the script, but you have to subscribe to Steven Black's list.
GTribe is a shithole full of bigots, pretenders and liars, and its founder/CEO is a douche.

SierraChart_100 wrote:Firefox started off good and gradually descended into absurdity.

Moonraker wrote:Palemoon is still the only fully customised browser available.

User avatar
Nigaikaze
Astronaut
Astronaut
Posts: 695
Joined: Sun, 02 Feb 2014, 22:15
Location: Chicago, IL, USA

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby Nigaikaze » Wed, 27 Sep 2017, 17:18

hujan86 wrote:UBlock Origin is able to block the script, but you have to subscribe to Steven Black's list.

Or EasyPrivacy, which is now blocking the mining scripts on coin-hive.com and jsecoin.com.

User avatar
rabnbeinn
Lunatic
Lunatic
Posts: 269
Joined: Fri, 18 Nov 2011, 20:38
Location: Scotland

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby rabnbeinn » Wed, 27 Sep 2017, 18:01

A few torrent sites are looking to or already have introduced this crypto-mining malarky (TPB & Noid already experimenting) in order to do away with ads. The community is not happy but I suspect many more ad dependant (torrent) sites may follow...

https://torrentfreak.com/the-pirate-bay-website-runs-a-cryptocurrency-miner-170916/

https://torrentfreak.com/cryptocurrency-miner-targeted-by-anti-virus-and-adblock-tools-170926/

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Postby John connor » Wed, 27 Sep 2017, 22:03

I hate to say this, but looking at the coin-hive site, it seems like a really great way to generate revenue all the while getting rid of those pesky and annoying ADs. You can adjust how much of a person's CPU is used so that you don't tax their complete system. 20%-30% sounds reasonable. Besides, many people have a pretty good CPU and at the rate of 20%-30% that's like just running a Flash-based script. I do wonder about the smart device users though. There are many. I can seeing this being a new way in the future for websites wanting to get rid of ADs. Especially if you have a rather large user base like TPB.

So do I support it? On websites that will only utilize 20%-30% of my CPU, sure. I want to support the site, but I can't stand ADs. Although, I imagine with my use of uBlock, eventually the script will get blacklisted. So I would have to allow it.


Return to “General discussion”

Who is online

Users browsing this forum: franstam, Google Feedfetcher [RSS] and 2 guests