Malvertising Campaign Mines Cryptocurrency Right in Your Browser

General discussion area and chat

Moderator: satrow

Forum rules
This General Discussions forum is an open chat area, so you can talk about almost any subject. Please keep things civil, though!

Please do try to somewhat stick to the relevance of this forum, which focuses on everything around the Pale Moon project and its user community. "Totally random" subjects don't really belong here, even in the general discussion area.
User avatar
Thehandyman1957
Board Warrior
Board Warrior
Posts: 1617
Joined: Tue, 19 May 2015, 02:26
Location: Arizona U.S.

Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby Thehandyman1957 » Fri, 15 Sep 2017, 21:34

Thought this was interesting.

Malvertising Campaign Mines Cryptocurrency Right in Your Browser
https://www.bleepingcomputer.com/news/s ... r-browser/
"A common mistake people make when trying to design something
completely FOOLPROOF, is underestimating the ingenuity of complete FOOLS! ;) "

User avatar
helloimustbegoing
Board Warrior
Board Warrior
Posts: 1875
Joined: Thu, 28 Jun 2012, 01:20

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby helloimustbegoing » Fri, 15 Sep 2017, 22:50

It runs via scripts. Another good reason to use NoScript.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 22012
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby Moonchild » Sat, 16 Sep 2017, 00:27

Off-topic:
Although I understand some of you love NoScript for what it does, I'm getting really tired of hearing the same'ol every... single... time... there is a mention of potential abuse (and sometimes legitimate use) of scripting for tasks. It's not a magic wand, and you may or may not like it but the reality is that JavaScript is an essential and integral part of the modern web. It's not optional, and NoScript can and will break many sites.

So stop scratching that itch, please. It's exhausting to see it over and over.


Now to get back on-topic for this thread, I'm pretty sure that anyone would notice their CPU going full-bore because of JS-based cryptocurrency mining. On top of that, there is the issue that CPU mining of cryptocurrency is not going to be in any way bringing in more than very small amounts; I doubt that it would even pay for the advertising costs. Not in a world where we have GPU mining and ASICs.
Then there's the issue that malvertising can and will be stopped by ad networks when brought to light, because they have to -- such intrusive actions are equal to computer hacking (the bad kind), especially if no permission was granted and no action was taken by the user.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

User avatar
Thehandyman1957
Board Warrior
Board Warrior
Posts: 1617
Joined: Tue, 19 May 2015, 02:26
Location: Arizona U.S.

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby Thehandyman1957 » Sat, 16 Sep 2017, 01:31

Moonchild wrote:It's not optional, and NoScript can and will break many sites.

Off-topic:
Yup, I finally got so sick and tired of trying to figure out what script was being blocked, causing web page

dysfunction that I just un-installed it. I don't miss it at all.


I'm pretty sure that anyone would notice their CPU going full-bore because of JS-based cryptocurrency mining.


I was thinking the same thing, I mean, how would you be able to play the game on the site if it was hogging all you CPU?
"A common mistake people make when trying to design something
completely FOOLPROOF, is underestimating the ingenuity of complete FOOLS! ;) "

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby John connor » Sat, 16 Sep 2017, 06:28

I remember reading some time ago that uTorrent had a miner in their client.

coffeebreak
Board Warrior
Board Warrior
Posts: 1342
Joined: Sat, 26 Sep 2015, 04:51
Location: U.S.

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby coffeebreak » Sat, 16 Sep 2017, 07:41

John connor wrote:I remember reading some time ago that uTorrent had a miner in their client.

Yes, I read about it here - uTorrent bundles Bitcoin Miner, time for some alternatives

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby John connor » Sat, 16 Sep 2017, 09:45

I like how uTorrent's response is a flat out lie.

User avatar
Tomaso
Keeps coming back
Keeps coming back
Posts: 956
Joined: Thu, 23 Jul 2015, 16:09
Location: Norway

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby Tomaso » Sat, 16 Sep 2017, 22:56

Sounds like it might be a good time to try and get PM's old XSS filter up and working again.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 22012
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby Moonchild » Sun, 17 Sep 2017, 01:14

Tomaso wrote:Sounds like it might be a good time to try and get PM's old XSS filter up and working again.

That won't help with this. the malvertising campaign isn't XSS.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

dark_moon

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby dark_moon » Wed, 20 Sep 2017, 19:18

Tomaso wrote:Sounds like it might be a good time to try and get PM's old XSS filter up and working again.

If you got it working, that would be awesome!

User avatar
hujan86
Moonbather
Moonbather
Posts: 71
Joined: Wed, 27 Sep 2017, 06:50

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby hujan86 » Wed, 27 Sep 2017, 07:21

UBlock Origin is able to block the script, but you have to subscribe to Steven Black's list.
GTribe is a shithole full of bigots, pretenders and liars, and its founder/CEO is a douche.

SierraChart_100 wrote:Firefox started off good and gradually descended into absurdity.

Moonraker wrote:Palemoon is still the only fully customised browser available.

User avatar
Nigaikaze
Keeps coming back
Keeps coming back
Posts: 805
Joined: Sun, 02 Feb 2014, 22:15
Location: Chicago, IL, USA

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby Nigaikaze » Wed, 27 Sep 2017, 17:18

hujan86 wrote:UBlock Origin is able to block the script, but you have to subscribe to Steven Black's list.

Or EasyPrivacy, which is now blocking the mining scripts on coin-hive.com and jsecoin.com.

User avatar
rabnbeinn
Lunatic
Lunatic
Posts: 294
Joined: Fri, 18 Nov 2011, 20:38
Location: Scotland

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby rabnbeinn » Wed, 27 Sep 2017, 18:01

A few torrent sites are looking to or already have introduced this crypto-mining malarky (TPB & Noid already experimenting) in order to do away with ads. The community is not happy but I suspect many more ad dependant (torrent) sites may follow...

https://torrentfreak.com/the-pirate-bay-website-runs-a-cryptocurrency-miner-170916/

https://torrentfreak.com/cryptocurrency-miner-targeted-by-anti-virus-and-adblock-tools-170926/

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread postby John connor » Wed, 27 Sep 2017, 22:03

I hate to say this, but looking at the coin-hive site, it seems like a really great way to generate revenue all the while getting rid of those pesky and annoying ADs. You can adjust how much of a person's CPU is used so that you don't tax their complete system. 20%-30% sounds reasonable. Besides, many people have a pretty good CPU and at the rate of 20%-30% that's like just running a Flash-based script. I do wonder about the smart device users though. There are many. I can seeing this being a new way in the future for websites wanting to get rid of ADs. Especially if you have a rather large user base like TPB.

So do I support it? On websites that will only utilize 20%-30% of my CPU, sure. I want to support the site, but I can't stand ADs. Although, I imagine with my use of uBlock, eventually the script will get blacklisted. So I would have to allow it.


Return to “General discussion”

Who is online

Users browsing this forum: No registered users and 2 guests