Recently the phenomenon of cryptojacking has been following us around. I heard it for the first time a couple of months back when I read the Adguard's blogpost on how the illegal streaming websites were using it to mine cryptocurrencies when users were visiting their sites.
Since then this cancer has metastasized. It started showing symptoms with [Youtube ads mining cryptocurrency], which Google took action on soon after.
Yesterday, it was discovered this has affected over 4000 websites including that of US, UK and Australia government owned entities such as uscourts.gov, gmc-uk.org, manchester.gov.uk and many others. What was discovered that all these websites were affected because they were using a CDN hosted plugin called browseraloud that's used for text to speech to help with those having difficulty reading.
This script - browseraloud - in itself is not the issue here and neither are all those websites using browseraloud. The browseraloud plugin itself was the victim of the hack. Source
And today we find ourselves in the midst of another attack - The desktop app of Telegram has also been affected by cryptojacking.
And Salon.com is way ahead of you! They'll mine Monero on your machine if you have adblocker installed!
Here's a brief primer on what exactly is cryptojacking and what can we do to protect ourselves from it.
1) What is crypto jacking?:
Cryptojacking to me is a "less harmful" version of a ransomware. It's a way to stealth mine cryptocurrency. Just that it can and does work without user's consent of use of their CPU by a third party to make money. It is hacking but only thing they're stealing from you is your CPU and the electricity. All it does is makes your browsing sluggish.
It works by someone clicking on a malicious link. It then injects a JavaScript code into user's browser and which gets executed locally at user's end. The malicious script uses the user's CPU to mine Monero, a valuable privacy oriented cryptocurrency that can be mined using CPU.
It started with CoinHive, but there are other sources too such as Crypto-Loot, Coin Have, JSEcoin etc. Besides, the "cryptojackers" are also using other measures for avoiding detection such as proxies. Some cryptojacking scripts are hosted on IP addresses instead of a domain like coinhive.com.
2) How to protect yourself when you're browsing
Install an adblocker extension on your browser.
Go to settings, and Add a 3rd party filter list that detects cryptojacking, such as NoCoin and MinerBlock:
Keep updating these filters from time to time. You'll need to go to Settings and click on "Update filters" from time to time.
If you don't like to go through the above steps to add and maintain filter list, you may want to install the NoCoin and MinerBlock chrome extensions.
Alternatively, you can modify the hosts.ini file on your computer and add the domains from the above lists and redirect them to localhost instead.
Note that this in itself doesn't guarantee that you won't ever be affected by cryptojacking. But it's a step in the right direction.
My experience so far: I heard about cryptojacking from AdGuard first. I was using AdGuard for years and still do. From the AdGuard's posts, it does look like they detect attempts of CPU mining by websites and alert users about it.
But when the news about the government websites being affected by this broke out, I did open some of these websites such as uscourts.gov and saw the browseraloud script ba.js being executed. I wasn't alerted about it, like AdGuard claimed.
Right now I don't know the correct reason for this. It's possible that one of these is the right reason: I use multiple adblockers, AdGuard as well as uBlock Origin for different purposes. Also, browseraloud itself being a legitimate plugin which was affected. The third one being the CPU usage by the plugin may not have been much, making it difficult to detect. Had I been using a lower config machine, it's possible that it were detected. Fact is, I had to manually add the No coin filter mentioned above in uBlock Origin extension.
If you know a better way to go about it, or have any questions, let me know!
Further reading:
- https://authentic8.blog/cryptojacking-101/
- https://crypto.adguard.com/
- https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators
Update 1:
I will keep updating when there's something worthwhile. So here's one for today.
If you're suspicious of a particular website whether it's crypto mining or not, you can visit http://whoismining.com/ and see for yourself. I would say don't rely on it but it's best to have a tool for cross reference when you're suspicious of a website.
Update 2:
Mother of God. There's actually a website that's hiding cryptocurrency miner in a favicon. Read more here: https://twitter.com/xbs/status/963796410100604929
Some more activity happening in this world: https://twitter.com/GossiTheDog/status/966748041897299968
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Disclaimer: I am just a bot trying to be helpful.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit