Cryptojacking is Everywhere, It's Getting Worse Each Day

Discussion in 'HardForum Tech News' started by monkeymagick, Oct 19, 2017.

  1. monkeymagick

    monkeymagick [H]News

    Excuse the scaremongering, but Bleeping Computer reports that the internet is now full of in-browser mining scripts with no slowdown in sight. Previously reporting on the influx of cryptominers ever since Coinhive launched in mid-September, the number of clones has increased and has spread to its victims like a diseased hooker unto unsuspecting Johns.

    From research on the topic, in-browser miners are usually deployed on questionable websites, such as piracy portals, illegal streaming services, adult portals, and others. A study by Palo Alto of over 1,000 sites engaged in cryptojacking found that 35% of these sites were hosted on .download and .bid domains.

    Not only embedded in a hijacked website's code, malicious ads have found their way into ad servers and also WordPress plugins.

    It is crystal clear that malware authors found their next payday in Coinhive. The next place Bleeping Computer expects to see Coinhive deployed is adware, and especially the type of adware that hijacks search fields and inserts ads into search results.
     
  2. B00nie

    B00nie [H]ardness Supreme

    Make cryptocurrency illegal already. It's used only for crime.
     
    Stryker7314, Sufu, _l_ and 6 others like this.
  3. Spidey329

    Spidey329 [H]ardForum Junkie

    Lol.
     
  4. prime2515102

    prime2515102 [H]ard|Gawd

  5. STrAYeR

    STrAYeR Limp Gawd

    Spreading like zombies. This is the exact reason I got anti-miner add-ons.
     
    Armenius and d50man like this.
  6. BulletDust

    BulletDust [H]ardness Supreme

    NoScript's great if you wanna see half a website.

    Edit the hosts file, make the miners point to the localhost.
     
  7. DTN107

    DTN107 [H]ardness Supreme

    I think my regular porn sites are doing it as well.
     
  8. Kdawg

    Kdawg Gawd

    yes, one site that uploads lots of FHD and 4k porn is running a miner. I block that shit with noscript, and temp unblock when I want to grab the download links.



    my firefox ignores my hosts file. I think Chrome ignores it as well.
    it used to work ages ago, but recently noticed that it doesn't do shit when i try to add spam sites to my hosts.

    so i manually whitelist in noscript until i see enough of the website.
     
    B00nie likes this.
  9. BulletDust

    BulletDust [H]ardness Supreme

    I'm running Firefox Quantum 57.0b9 and I can assure you that when it comes to cryptojacking, it's not ignoring the hosts file.

    Having said that, I do run Linux. Windows 10 in general probably ignores the hosts file because that'd be giving the end user too much control.

     
    naib, jtm55, DeathFromBelow and 3 others like this.
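
Added example (not part of any post in this thread): a small Python audit of the hosts-file approach discussed above, reporting which mining hostnames a hosts file actually sinkholes. The hostnames and the sample file are constructed placeholders, and `parse_hosts`, `is_sinkhole` and `audit` are names made up for this sketch.

```python
# Added example: audit a hosts file for sinkhole coverage of mining hostnames.
# Every hostname and address below is a constructed placeholder, not a real indicator.
import ipaddress

SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
0.0.0.0     miner.example        # sinkholed
127.0.0.1   ws001.miner.example www.miner.example
203.0.113.7 pool.example         # routable address, so not a sinkhole
::1         cdn.miner.example
"""

def parse_hosts(text):
    """Return {hostname: ip}. This example keeps the first entry seen for a name."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # skip malformed lines
        for name in fields[1:]:                 # one line may carry several aliases
            table.setdefault(name.lower().rstrip("."), ip)
    return table

def is_sinkhole(ip):
    """Loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) addresses."""
    return ip.is_loopback or ip.is_unspecified

def audit(hosts_text, domains):
    """Classify each domain as 'blocked', 'not-sinkholed' or 'missing'."""
    table = parse_hosts(hosts_text)
    report = {}
    for domain in domains:
        ip = table.get(domain.lower().rstrip("."))
        if ip is None:
            report[domain] = "missing"
        elif is_sinkhole(ip):
            report[domain] = "blocked"
        else:
            report[domain] = "not-sinkholed"
    return report

if __name__ == "__main__":
    wanted = ["miner.example", "ws002.miner.example", "pool.example"]
    for name, status in audit(SAMPLE_HOSTS, wanted).items():
        print(f"{name:24} {status}")
```

Hosts-file lookups match exact names only, so `ws002.miner.example` is reported as missing even though its parent domain is listed; each subdomain needs its own line.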
  10. B00nie

    B00nie [H]ardness Supreme

    Like blocking MS updates, ads and telemetry :D
     
  11. Pieter3dnow

    Pieter3dnow [H]ardness Supreme

    This is worrying somewhat
     
  12. knowom

    knowom Limp Gawd

    Yeah unfortunately it's not really supported yet in FF57.
     
  13. rudedog

    rudedog Gawd

    If a site is upfront and notifies you what they are doing, I'm fine with that. As well as only running when said tab/page is in focus, this could be much better than ad infested pages. Sites with heavy ads all over the place are already taking up CPU and bandwidth. At least this would only take up unused CPU cycles while you sit there reading a site. It does not eat any bandwidth other than the original small script loading.

    It could help sites like [H] to receive more revenue than old school ads. The longer you stick around the more money the site can make.

    Again be upfront with your users, this could revolutionize how sites monetize themselves.
     
  14. prime2515102

    prime2515102 [H]ard|Gawd

    It's also a sneaky way to charge people money (in the form of a higher electric bill) for using a site. I'm sure most people here would be well aware of this, but the average joe would likely be oblivious.
     
    zer0nix and CaptNumbNutz like this.
  15. Putz

    Putz I have a custom title

    malwarebytes just blocks anything to do with the site, wish the monopoly money fad would die off
     
  16. prime2515102

    prime2515102 [H]ard|Gawd

    I'm pretty sure Spybot Search and Destroy still uses the hosts file for immunization, and it supports Win10, so I would guess not.
     
  17. rudedog

    rudedog Gawd

    I bet for the time spent on a web site like this you would not even see the difference on your electric bill. Again you need to let your clients know what you are doing and not be sneaky about it. I currently pay 11.42 cents per kWh. I bet my Synology NAS costs more to record my video camera data than it would cost to help a bunch of known good web sites out where ad revenue has tanked year over year.

    Again I agree don't be sneaky about it, be up front. I just checked out two sites and my CPU went to about 52%, had no effect on anything else (photoshop, sketchup, 3DS (slicer for 3Dprinter)) all running under load at the same time, without noticeable effect on other programs. What I did notice, is the CPU stayed at 50% when that tab or FF windows was not the one in focus, which I don't agree with.

    There's got to be a better way for sites to support themselves without going full paywall or donations and not be intrusive.
     
    PeaKr likes this.
  18. prime2515102

    prime2515102 [H]ard|Gawd

    Well that's not so bad then. I thought it would pin all cores at 100% or something.
     
  19. Sikkyu

    Sikkyu I Question Reality

    just hand over your guns, they are only used for crime.

    How ignorant is this statement?
     
    nightfly, aztekk and GoldenTiger like this.
  20. Vermillion

    Vermillion 2[H]4U

    This is actually a very interesting conundrum. Technically there is no security issue here so this actually could be used for good instead of the shady ass way it's being used for. Javascript is javascript and it's already running on every page we visit. So why not be open about it and offer it as a way for people to help a website monetize and not need ads?

    For example the [H] could give you the option to either see ads or run mining javascript in the background. It's not going to obliterate your laptop battery or anything. It's not going to raise your power bill. Win-win if you ask me.
     
    RedWagnum likes this.
  21. Axiomatic

    Axiomatic Limp Gawd

    Honestly, I would prefer that companies use my CPU for mining than me having to view the advertisements? I definitely do not like the double dipping though. Both mining and advertisements are not ok. I envision a world where I get a choice? Not joking either. If they got to use 1% of my CPU, that is worth it to me to not have to see the advertisements.
     
  22. knowom

    knowom Limp Gawd

    Which part of it...it's hard to imagine people still use guns to hunt with outside of the sanctuaries of high rise buildings in the cities where animal life still exists on this planet.
     
    travisty likes this.
  23. OnceSetThisCannotChange

    OnceSetThisCannotChange Limp Gawd

    Even better make this into a slider (1-25% CPU usage) and to top it off give some cookies to users who are large supporters.

    It's a win-win-win, choice, no ads and $$$.
     
  24. travisty

    travisty Gawd

    I'd love it if the US required people to justify buying a gun.

    Buying a hunting rifle:
    I like to go hunting
    Ok!

    Buying an assault rifle:
    I like to go hunting.
    Nope!

    Buying a handgun:
    I want to protect myself
    Ok!

    Buying a 3rd handgun:
    I want to protect myself
    Umm... don't you already have two guns? Why do you need a third?
     
  25. Sikkyu

    Sikkyu I Question Reality

    again, pretty uninformed every way.
     
    zer0nix, Converge, SeaWulf and 7 others like this.
  26. zkostik

    zkostik Gawd

    Except this is designed for malicious mining. Most folks who know anything about cryptocurrency or security will want this crap disabled. I would not allow this on any of my systems under any circumstances.
     
  27. travisty

    travisty Gawd

    • Name calling / Insults
    And you lack the ability to critically think - thus what makes sense is over your head ;)
     
  28. Vermillion

    Vermillion 2[H]4U

    It doesn't have to be malicious. Cryptojacking like in the original article is one thing but offering crypto mining as an alternative to ads is completely different. The key is transparency. Just be very open about the cryptomining option. It would work. I'd do it for the [H] in a heartbeat.
     
  29. OnceSetThisCannotChange

    OnceSetThisCannotChange Limp Gawd

    Sure, cryptojacking is malicious as it's intended to be hidden, but more or less the same setup, if offered as an open choice to readers/users would be a legit way to replace ads.
     
  30. zkostik

    zkostik Gawd

    My chief issue and concern is that it's designed to mine in the browser without installing anything, agreeing to anything, pretty much you load some page and it uses my hardware, internet, electricity to mine. That is NOT how I envision support for ANY site. You start giving into this sort of crap and it will get abused to help like you're already seeing. You can also forget about visiting such sites at work as it will raise red flags right off the bat. Trust me, this was not a nice helping hand effort to bring easy mining to the masses. This is to allow malicious mining on as many devices as possible including IoT without users knowing. And well, it's spreading like wildfire!
     
  31. SomeoneElse

    SomeoneElse [H]ard|Gawd

    You realize there is no such thing as an "assault rifle" correct? This is an arbitrary name that the government made up to regulate sales of weapons. A hunting rifle and assault rifle shoot the same caliber as the other. They also can be bolt or semi-auto. I use an AR-15 for varmint hunting (coyotes, prairie dogs, and other pest animals.)
    Should probably stay on topic though.
    We are talking about cryptocurrency not guns. The government says it's only used for crime but a lot of major companies are starting to accept bitcoins as payment. Is that a crime if they do?
     
    zer0nix, Converge, Spartacus and 3 others like this.
  32. ob1

    ob1 2[H]4U

    I see a few issues here, with one being, generally while we are slightly more computer savvy than a typical user, some of us have kids, wives, family, etc that can be difficult to monitor/control and these things will affect them more than a typical [H] user. The next thing I see is that it is getting so common so fast, when will youtube or google enable these functions? Or the browser creators themselves. Will it be a problem then? Could this be enabled by internet providers? Stuff like that...
     
    knowom likes this.
  33. knowom

    knowom Limp Gawd

    Cryptocurrency mining I have a bridge to sell you...just make a donation it's easier and it won't degrade your system parts any in the process nor contribute to that whole global warming carbon footprint thing alarmists are so worried about nor to landfills if you are buying cards intentionally for such purposes. They have these things called alternative energies too btw where you can harvest energy for free which saves/makes money funny how cryptocurrency mining is more popular than Solyndra.
     
  34. OnceSetThisCannotChange

    OnceSetThisCannotChange Limp Gawd

    Well... this is why it should be a choice >>> you continue to use the sites/browsers which present this as a choice to the users to turn on or not.

    Ultimately there will be blockers for this as there are for ads, but those will not be necessary for sites which are open about this program.

    In my case, I'd much rather be mining for sites I visit (with a legit option) than be fed all sort of ad based garbage as we currently are.
     
  35. Emission

    Emission [H]ardness Supreme

    Haven't had any issues using Opera's built-in ad blocker.
     
    knowom likes this.
  36. knowom

    knowom Limp Gawd

    Should be a choice, but is it now? Which is the point. Adwords should be a choice as well, but it mostly isn't because a lot of web sites these days get all pissy if they aren't making free residual income. It's amazing the internet and websites ever worked at all prior to Adwords plastered in 40 spots on every page. It's reached the point to where it's virtually necessary at this point to setup a home proxy server, but it's a technical hurdle and hassle so most people don't and won't. I'm tech savvy enough and could, but haven't bothered setting up an actual dedicated PC router/proxy yet because winter is coming and reasons which is ironic because if I lost internet connection for a few hours at least with a proxy I'd still have cached web pages to view.
     
    Last edited: Oct 19, 2017
  37. Vermillion

    Vermillion 2[H]4U

    And they're already using your hardware, internet, and electricity to show you a bunch of video playing ads, flash bullshit, and overlays that interrupt the content you want to read. Now they would just be using it in a different way that stays out of your way and isn't using your computer any more than those shitty ads did.

    Things like uBlock, ABP, and others already block the cryptojacking but wouldn't it be nice to whitelist a site and not have ads but still allow them to monetize in some way? Look I'm not saying this will ever happen. It'll be abused just like ads are. Let's face facts though. Adblocking is getting worse. More and more paywalls are going up. We've seen close up here at the [H] how adblocking hurts content providers. I'm more than willing to look at other ways to monetize. The biggest issue with crypto-mining via javascript is transparency and that can be done well. This could be a very viable alternative to traditional ads. There's no denying that, but a site that gives their users the option to do this needs to be 100% committed to the transparency piece that needs to be done. If you fail with the transparency then the whole thing fails and is no better than the cryptojacking in the original article.

    EDIT: Good chance it all just dies and we all stick with ads. Google apparently looking at killing off browser crypto-mining period. https://www.bleepingcomputer.com/ne...ion-to-stop-in-browser-cryptocurrency-miners/
     
  38. katanaD

    katanaD [H]ard|Gawd

    man.. that just felt like there is a personal story behind that reference..

    hahahaha
     
    monkeymagick and CaptNumbNutz like this.
  39. Ocean

    Ocean [H]ardness Supreme

    i would have no problem if hardforum used 5-25% of my desktop cpu/gpu to mine cryptocurrency while im on the site. i want this to be the way that websites pay their content creators internet-wide.

    i want it built into browsers, and adjustable. I want clicks and page views as a metric to die in a fire for the shitty clickbait content they create on the internet. i want time spent on websites and webpages to be the measure of value.
     
    rudedog likes this.
  40. rudedog

    rudedog Gawd

    So what you're saying is you would rather have sites like this, sit behind a pay wall? You would have to pay to visit/view a site. This site like many, including my own forums/site require server and interconnect fees. Believe it or not, sites cost money to run