A Surge of Sites and Apps Are Exhausting Your CPU To Mine Cryptocurrency

Dan Goodin, writing for ArsTechnica: The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites. The latest examples came on Monday with the revelation from antivirus provider Trend Micro that at least two Android apps with as many as 50,000 downloads from Google Play were recently caught putting crypto miners inside a hidden browser window. The miners caused phones running the apps to run JavaScript hosted on Coinhive.com, a site that harnesses the CPUs of millions of PCs to mine the Monero crypto currency. In turn, Coinhive gives participating sites a tiny cut of the relatively small proceeds. Google has since removed the apps, which were known as Recitiamo Santo Rosario Free and SafetyNet Wireless App. Last week, researchers from security firm Sucuri warned that at least 500 websites running the WordPress content management system alone had been hacked to run the Coinhive mining scripts. Sucuri said other Web platforms -- including Magento, Joomla, and Drupal -- are also being hacked in large numbers to run the Coinhive programming interface.

Again?

[110010001000]

Slashdot keeps mentioning this. Are you considering adding this to the website? That would be cool!

Not all web apps work with just HTML and CSS

[tepples]

If people still knew how to write HTML, almost no web site would need to use any "JavaScript" or other "active content"

How would, say, a web-based front-end to an IRC server work without script? It needs to know when messages have arrived in order to display them. The same is true of a multi-user whiteboard, which needs to know when another user has drawn a stroke. In addition, server-side image map doesn't support drag input, only click input.

Or should those instead be native executables that a user can download, install, and use? If so, then because native executables are generally specific to one operating system, Murphy's law holds that such an application will inevitably be designed for an operating system other than the one your device regularly runs. And it's still "software [manually] downloaded from arbitrary foreign sources".

Or should real-time interactive applications instead be written for the Java Virtual Machine or the .NET Common Language Runtime? Even though one such executable can run on multiple desktop operating systems, it still generally excludes iOS and Android, and it's stlil "software [manually] downloaded from arbitrary foreign sources".

Why is this any different?

With all the garbage that most sites want to run on our CPU's to serve ads and do all sorts of tracking why is crypto currency mining any different? Every sinle page that you hit on the internet has TONS and TONS of javascript crap that wants to run. All of this nonsense wastes our CPU power for the benefit of the site we are using. Is it just the direct revenue that we are offended by all of a sudden? Tracking code profits them directly. Offloading tasks onto your machine that should be done on their web server profits them directly by allowing them to run a smaller footprint of less powerful servers.

If you want to stop this nonsense install a javascript blocker. Noscript and adblock plus are great add ons that will improve your browser experience. For those sites that have ad block blockers? Fuck them. I hit the back button and never go to those sites. There's millions of alternative sites out there to get the same information who's not going to be tacky about a user putting their foot down to what's run on their system.

Web designers really need to think about all the javascript garbage that they are packing their pages with and how their users are just going to start blocking them. I browse the web on a 5ghz i7700k with 64gb ram. I still don't want this bullshit slowing down my experience or wasting my electricity running tasks for the benefit of a for profit business.

I'm actually glad people are finally using this for more nefarious purposes. It's going to get us visibility into an issue with the web today. This is an out of control wild west practice that needs to be curbed. If more users start using noscript designers will need to think twice before packing their pages full of crap.

BTW for you web designer assholes. I'm GLAD that blocking all your garbage causes you issues. I'm glad it costs you directly in your ad revenue and I'm glad that your web statistics are not accurate. Fuck you people and your abusive use of my computing resources.