The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com)
Catalin Cimpanu, reporting for BleepingComputer: Ever since mid-September, when Coinhive launched and the whole cryptojacking frenzy started, the Internet has gone crazy with in-browser cryptocurrency miners, and new sites that offer similar services are popping up on a weekly basis. While one might argue that mining Monero in a site's background is an acceptable alternative to viewing intrusive ads, almost none of these services that have recently appeared provide a way to let users know what's happening, let alone a way to stop mining behavior. In other words, most are behaving like malware, intruding on users' computers and using resources without permission. [...] Bleeping Computer spotted two new services named MineMyTraffic and JSEcoin, while security researcher Troy Mursch also spotted Coin Have and PPoi, a Coinhive clone for Chinese users. On top of this, just last night, Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios.
I suspect the submitter meant "rife" rather than "ripe".
Of course, since "ripe" can mean "stinky", maybe it fits.
The problems are that sometimes, I'll leave a webpage up for a day or two in a separate tab because I want to come back to dig deeper into something, but don't want to create a longer lived bookmark. Sometimes, I see a CPU getting chewed up by the browser and I had assumed up to this point it was a bug in the browser or accidental looping javascript error, and I have to start killing off tabs until I find the offending page. Probably miners all along.
-Unresolved symbol? Byte me!
Get a prescription. Insurance won't pay for it, but you can get as many as the doctor wrote for, with no restrictions.
Source: I'm a pharmacist
Someone was nice enough to collect a list of JavaScript vulnerabilities. And I also found a list of Proof of Concepts and many of them are for JavaScript and browser. And includes a nice paragraph description for each.
I can't prove the earlier post's claim that "[the problem of JavaScript security is] one that's very commonly exploited."
But it does seem that there are many well known security issues with popular implementations of JavaScript.
“Common sense is not so common.” — Voltaire