Malvertising Campaign Mines Cryptocurrency Right in Your Browser

Unread post by Thehandyman1957 » 2017-09-15, 21:34

Thought this was interesting.

Malvertising Campaign Mines Cryptocurrency Right in Your Browser
https://www.bleepingcomputer.com/news/s ... r-browser/

Unread post by ron_1 » 2017-09-15, 22:50

It runs via scripts. Another good reason to use NoScript.

Unread post by Moonchild » 2017-09-16, 00:27

Off-topic:
Although I understand some of you love NoScript for what it does, I'm getting really tired of hearing the same ol' every... single... time... there is a mention of potential abuse (and sometimes legitimate use) of scripting for tasks. It's not a magic wand, and you may or may not like it but the reality is that JavaScript is an essential and integral part of the modern web. It's not optional, and NoScript can and will break many sites.

So stop scratching that itch, please. It's exhausting to see it over and over.
Now to get back on-topic for this thread, I'm pretty sure that anyone would notice their CPU going full-bore because of JS-based cryptocurrency mining. On top of that, there is the issue that CPU mining of cryptocurrency is not going to be in any way bringing in more than very small amounts; I doubt that it would even pay for the advertising costs. Not in a world where we have GPU mining and ASICs.
Then there's the issue that malvertising can and will be stopped by ad networks when brought to light, because they have to -- such intrusive actions are equal to computer hacking (the bad kind), especially if no permission was granted and no action was taken by the user.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Unread post by Thehandyman1957 » 2017-09-16, 01:31

Moonchild wrote: It's not optional, and NoScript can and will break many sites.
Off-topic:
Yup, I finally got so sick and tired of trying to figure out what script was being blocked, causing web page dysfunction that I just un-installed it. I don't miss it at all.

Moonchild wrote: I'm pretty sure that anyone would notice their CPU going full-bore because of JS-based cryptocurrency mining.
I was thinking the same thing, I mean, how would you be able to play the game on the site if it was hogging all your CPU?

Unread post by John connor » 2017-09-16, 06:28

I remember reading some time ago that uTorrent had a miner in their client.

Unread post by coffeebreak » 2017-09-16, 07:41

John connor wrote:I remember reading some time ago that uTorrent had a miner in their client.

Yes, I read about it here - uTorrent bundles Bitcoin Miner, time for some alternatives

Unread post by John connor » 2017-09-16, 09:45

I like how uTorrent's response is a flat out lie.

Unread post by Tomaso » 2017-09-16, 22:56

Sounds like it might be a good time to try and get PM's old XSS filter up and working again.

Unread post by Moonchild » 2017-09-17, 01:14

Tomaso wrote:Sounds like it might be a good time to try and get PM's old XSS filter up and working again.
That won't help with this. The malvertising campaign isn't XSS.

Unread post by dark_moon » 2017-09-20, 19:18

Tomaso wrote:Sounds like it might be a good time to try and get PM's old XSS filter up and working again.
If you got it working, that would be awesome!

Unread post by hujan86 » 2017-09-27, 07:21

uBlock Origin is able to block the script, but you have to subscribe to Steven Black's list.
Avatar's Source: yereverluvinuncleber

Unread post by Nigaikaze » 2017-09-27, 17:18

hujan86 wrote: uBlock Origin is able to block the script, but you have to subscribe to Steven Black's list.
Or EasyPrivacy, which is now blocking the mining scripts on coin-hive.com and jsecoin.com.
Nichi nichi kore ko jitsu = Every day is a good day.

Unread post by rabnbeinn » 2017-09-27, 18:01

A few torrent sites are looking to or already have introduced this crypto-mining malarkey (TPB & Noid already experimenting) in order to do away with ads. The community is not happy but I suspect many more ad-dependent (torrent) sites may follow...

https://torrentfreak.com/the-pirate-bay-website-runs-a-cryptocurrency-miner-170916/

https://torrentfreak.com/cryptocurrency-miner-targeted-by-anti-virus-and-adblock-tools-170926/

Unread post by John connor » 2017-09-27, 22:03

I hate to say this, but looking at the coin-hive site, it seems like a really great way to generate revenue all the while getting rid of those pesky and annoying ADs. You can adjust how much of a person's CPU is used so that you don't tax their complete system. 20%-30% sounds reasonable. Besides, many people have a pretty good CPU and at the rate of 20%-30% that's like just running a Flash-based script. I do wonder about the smart device users though. There are many. I can see this being a new way in the future for websites wanting to get rid of ADs. Especially if you have a rather large user base like TPB.

So do I support it? On websites that will only utilize 20%-30% of my CPU, sure. I want to support the site, but I can't stand ADs. Although, I imagine with my use of uBlock, eventually the script will get blacklisted. So I would have to allow it.
