How to Block/Stop Cryptojacking Using Adblock

You probably read about how The Pirate Bay was testing out a new system that would dig into your CPU to fuel a cryptocurrency mining operation for itself. Maybe you’re cool with that. Probably you’re not.

If not, you can add a filter to Adblock Plus that will keep your computer from becoming a crypto-mule.

Just take these steps:

1. Go to your list of extensions, or click on the Adblock Plus stop sign.

2. Find Adblock Plus and click on Options.

3. Click the Add your own filters tab at the top. In the text field that appears, enter ||coin-hive.com/lib/coinhive.min.js

4. Click +Add Filter

You’re done!

What is cryptojacking?

What is cryptojacking?

 

Cryptojacking, also called in-browser mining, is using a computer’s resources to mine cryptocurrencies for others’ benefit. Cryptojacking is quite clever and has a distinct advantage over and virus-based mining malware in that nothing needs to be installed on the host computer for the attacker to set your computer to work.

Here’s how cryptojacking works

1. A hacker gains control of a website
2. Malicious JavaScript mining code is installed on web pages
3. When visitors land on an infected web page, the Javascript is loaded into their web browser
4. The JavaScript starts mining cryptocurrency leveraging the visitor’s computing resources and electricity
5. Cryptocurrency coins, or tokens, are deposited into the hacker’s wallet

How it all started: Coinhive’s Monero script

The Pirate Bay was one of the first to cryptojack visitors.

A few weeks ago a company called Coinhive released JavaScript code that, when loaded by a web browser, could mine a cryptocurrency called Monero. The code, behaved just as outlined in the section above. Once installed, computers visiting infected pages of a web site would be put to task mining Monero with their CPU. CPU stands for Central Processing Unit. Normal humans refer to it as a processor. 

The script was quickly adopted by The Pirate Bay who later stated they installed the mining script to generate revenue without serving advertisements to site visitors. 

Why aren’t the hackers mining Bitcoin?

Hackers would make nearly nothing if they attempted to mine Bitcoin. Bitcoin’s algorithms require far more computing power than Monero.

Monero is a secure, private, and untraceable cryptocurrency. It is open-source and accessible to all. With Monero, you are your own bank. Only you control and are responsible for your funds. Your accounts and transactions are kept private from prying eyes.

– Monero website

The original script cited it’s selection of Monero because it can easily be mined by a computer’s CPU. Most cryptocurrencies are best mined with a computer’s graphics card

The Pirate Bay isn’t mainstream, but some infected sites are

It’s unclear how many websites have been coopted to stealthily mine cryptocurrencies, but it’s clearly beyond sites with pirated music and software. 

Since the release of Coinhive’s in-browser miner, several malicious scripts have surfaced on websites including PolitiFact, CBS’ Showtime and Real Madrid soccer star Cristiano Ronaldo’s official web site.

In-browser mining WordPress plugins

WordPress plugins including Coin Hive Ultimate Plugin and Simple Monero Miner. 

That’s right, WordPress site owners with zero coding experience can now easily add coin mining scripts to their websites, with or without the knowledge of site visitors.

How can you tell if you’re computer has been cryptojacked?

A slow or unresponsive computer

A hot or overheating computer

If you think you’re computer is mining, one thing you can do is to check your computer’s resource usage.

 Look at what applications are heavily using the CPU. If it’s the web browser you were surfing the web with this may confirm your fears.

If your CPU is highly tasked, but by anther hungry application, like Photoshop or video editing software, you’re probably not mining, but instead simply pushing your computer too hard. Try closing applications that are consuming large amounts of CPU power and see the computer starts responding normally again.

If your computer was cryptojacked. Here’s how to stop it.

If your computer is suffering from one of the above tell-tale signs when browsing the web, we recommend you take the following steps:

1. Close your web browser – Since these malicious scripts are on webpages, closing your web browser should stop them in their tracks.
2. Restart your computer – If you’ve closed your browser you’re probably safe, but we still recommend restarting your computer.
3. Run a virus scan – Cryptojacking currently occurs when visiting websites, and hasn’t been found to put any code on your computer. But, just to be sure, we recommend running a virus scan for good measure.

That should take care of it, for now. If it doesn’t either things have evolved since writing this or your computer has a bigger problem.

Stopping in-browser mining before it starts

• 
  
• Block suspicious websites – Some browsers have built-in site blocking functionality where you can supply a list of sites you do not wish anyone on the computer to be able to visit. 
  • Others, like Google’s Chrome browser, don’t have built-in functionality and recommend third-party extensions such as Block Site. Either way, if you’ve found a website that you believe to be cryptojacking, block it.
• Install ad blocking software – Some ad blocking software can stop cryptojacking. One specific ad blocker, AdGuard, has integrated CoinHive mining detection into their desktop software.

There is one option we aren’t going to recommend: disabling JavaScript. Yes, it would stop the mining dead in its tracks, but it would also make browsing most mainstream websites next to impossible.

Cryptojacking: You are making Money For Hackers!

Do you ever feel the Internet is especially slow these days? Or have you ever wondered if maybe it’s just your computer that’s getting slower?

Don’t rush to the IT shop to buy a new computer yet … you may have been a victim of a new trick used by malevolent hackers called browser “cryptojacking”

What is cryptojacking?

It’s a new trick used to mine cryptocurrencies on your computer or mobile  using your CPU resources in the background without your knowledge when you browse a compromised/infected website..

 All that a cybercriminal has to do is load a script into your web browser that contains a unique site key to force you to enrich him.

Cryptocurrency is mined, or produced, by solving complex mathematical puzzles. It’s like a lottery: The more computing power you throw at the problems, the likelier you are to win a reward. Every so often, a computer finds a solution and strikes (digital) gold.

The script is written in JavaScript (JS), so it is easy to embed into any web page.

Please note that this technology was demonstrated in 2013 by a group of former MIT students who created a company named TidBit to distribute a BitCoin miner within a web browser

Here's an example of the code:

The above image is an example of a code in which the publisher controls how much of its visitors' CPU to utilize for mining (set by the throttle number:0.5). 

Cryptojacking scripts can add to your processing load but it likely won't be enough for you to notice, which is why cryptojacking remains under the radar. i.e throttle number:0.5. 

The script causes the browser/website to "hijack" the user's CPU and use it to crack an encryption.

The website owner — and the script provider — are paid, while the user typically does not benefit.

In fact, if the script uses enough of their CPU, the quality of their browsing experience is likely to be reduced.

Watch what can happen to your CPU when you visit one of the sites in question:

Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse.

Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios.

Examples of use of cryptojacking from the past couple of weeks are when sites like PirateBay and Showtime had the CoinHive JavaScript within their code.

The Pirate Bay, a massively popular site that provides links to pirated movies, TV shows, and music distributed via peer-to-peer torrent networks.

The Pirate Bay added a crypto jacking code onto the site to tap into the huge computing power linked through its users. Many people who actively use The Pirate Bay leave their computers on nearly all day to download, upload, and share movies and TV shows with others. With its built-in culture of sharing, one can only imagine how much money the site was earning off the millions of people who visit it every single day.

Also, a Web Store extension known as SafeBrowse was also reported to use the same script.

Similar other sites that deployed in-browser miners include Showtime, AirAsia, TuneProtect, and the official website of soccer star Cristiano Ronaldo

On top of this, the cryptojacking craze has also spread to WordPress plugins.

I spotted  3 plugins uploaded on the official WordPress repo in the past week:

1.WP Monero Miner with Coin Hive (now removed), 

2.Simple Monero Miner – Coin Hive, and 

3.Coin Hive Ultimate Plugin.

Check this out. A professional plugin - https://codecanyon.net/item/jcmw-javascript-cryptocurrency-miner-for-wordpress/20676760.

Mining Tools:-

hackers developed the mining tools, such as Coinhive, JSEcoin, and Crypto-Loot.

The  service took another step in the right direction this week on Monday, when Coinhive launched AuthedMine, a service similar to the original Coinhive service, but which won't start until the user clicks an opt-in.

Coinhive launched AuthedMine after criticism from the media, the public, and after ad blockers and antivirus vendors blocked its main domain because of the repeated abuse.

Coin-Hive Code link:- https://github.com/cazala/coin-hive

Full list of 3,218 sites that have Coinhive JavaScript enabled http://info.pixalate.com/websites-with-coinhive

Conclusion:-

Cryptominer tools don’t harm your computer, and nothing is stored on your hard drive, so they can’t be considered to be malware in that sense. However, they can be referred to as greyware, meaning they are identified as annoying software, especially when they are set up to consume all of your CPU power.

From Many reports on cryptojacking, many users said they are OK with websites mining Monero in the background if they don't see ads anymore.

The problem is that most of the places where cryptojacking has been spotted still ran hoards of ads. Furthermore, a Trustwave report highlights that running an in-browser miner is not actually free, and this may end up in extra costs for a user's electricity bill.