Page 1 of 1

Silent Crypto Miners Appearing on Websites

Posted: Sun Sep 17, 2017 11:36 am
by gotitbro
I just came across a website that was using a silent JavaScript miner (crypto miner) called Coinhive which was using a lot of CPU of my not so powerful device. These JavaScript mines seem to have gained popularity in recent times especially with news reports coming in that even The Pirate Bay has started using these miners (actually the same Coinhive one).

I get why websites are turning to these JS miners, to get some revenue with cryptocurrencies maybe because ads aren't performing that well. But that doesn't give them the right to use my machine as a node for their mining purposes without my consent. All they had to do was show a little popup asking my permission.

What do you think about these silent JS miners?

More Info: https://github.com/uBlockOrigin/uAssets/issues/690
TPB Report: https://torrentfreak.com/the-pirate-bay ... er-170916/

Re: Silent Crypto Miners Appearing on Websites

Posted: Mon Sep 18, 2017 3:41 am
by LanikSJ
gotitbro wrote: Sun Sep 17, 2017 11:36 am What do you think about these silent JS miners?
If someone is using my machine or resources for their own personal gain justified or not is not cool with me. Especially when it's done without my consent. Might as well be malware AFAIC.

Re: Silent Crypto Miners Appearing on Websites

Posted: Mon Sep 18, 2017 8:06 am
by gotitbro
[mention]Lanik[/mention] Exactly, but here we have people who not only have no problem with TPB for doing so but also support it https://torrentfreak.com/the-pirate-bay ... qus_thread. When I asked for why this was so I got a response hat this is better than malicious ads.

It seems like a right justification but now that I think about it is it really? This seems worse than malicious ads to me I don't even have take any action here.

Re: Silent Crypto Miners Appearing on Websites

Posted: Mon Sep 18, 2017 1:14 pm
by -Mark-
That's f*** invasive! Forcing visitor's resources downright for personal gains is unacceptable, needs to be firewalled.

Gorhill created a filterlist for that-https://raw.githubusercontent.com/uBloc ... tterns.txt

Adding that now :ubergeek:

Re: Silent Crypto Miners Appearing on Websites

Posted: Tue Sep 19, 2017 8:40 am
by gotitbro
[mention]-Mark-[/mention] That filter list still seems to be a work in progress something could still change drastically with it. And you're right its invasive it is beyond me why people are even supporting this.

Re: Silent Crypto Miners Appearing on Websites

Posted: Thu Sep 21, 2017 2:07 pm
by smed79

Re: Silent Crypto Miners Appearing on Websites

Posted: Sat Sep 23, 2017 10:45 pm
by gotitbro
[mention]smed79[/mention] That list seems to be fairly new. Is it correct to add it to the database without much testing?

Were you the one who added it on the ABP page?

Re: Silent Crypto Miners Appearing on Websites

Posted: Sun Sep 24, 2017 1:26 am
by smed79
gotitbro wrote:Were you the one who added it on the ABP page?
Why me? I have just found this list by accident at ABP sub page when I wanted to subscribe to Fanboy's Annoyances.
gotitbro wrote:Is it correct to add it to the database without much testing?
I don't understand what you mean by "without much testing"?

For any other question/issue ask at https://github.com/hoshsadiq/adblock-nocoin-list/issues

Re: Silent Crypto Miners Appearing on Websites

Posted: Sun Sep 24, 2017 1:31 am
by gotitbro
[mention]smed79[/mention] I thought you had some control over ABP's subscription page :p

What I meant with not much testing was that we don't know if its going to be an actively maintained list and handled properly, that is all.

Re: Silent Crypto Miners Appearing on Websites

Posted: Sun Sep 24, 2017 1:49 am
by smed79
You can follow the NoCoin repo on github and proposed to optimize the filters if you see something not handled properly.

Re: Silent Crypto Miners Appearing on Websites

Posted: Thu Oct 26, 2017 4:12 pm
by gotitbro
How it all began: https://news.ycombinator.com/item?id=15246145

The above entry was posted on Hacker News (HN) on 14 September, 2017 by pr0gramm which operate the pr0gramm.com German imageboard. pr0gramm are the original creators of Coinhive as they have themselves told us on their webpage (have since removed this info and shifted the Coinhive website to coinhive.com from coin-hive.com). Coinhive as told by the creators originated from an experiment on the imageboard itself which itself was curiously completely opt-in and had to be run in a separate tab (miner.pr0gramm.com).

Just two days later on 15 September, 2017 it was reported that The Pirate Bay (TPB) has started using Coinhive and taking in account the time frame TPB probably got acquainted with Coinhive through the HN thread. Browser based cryptominers which were unheard of at the time got a lot of media exposure due to being used by the one of the most popular torrent sites. In no time there were multiple web based crypto miners available for anyone willing to use them even as plugins. The web mining segment is highly saturated as of now with many solutions available being used mostly on piracy and not so trustworthy websites.

I am not saying that Coinhive/pr0gramm were the first to implement browser based mining but they sure made it mainstream.

Re: Silent Crypto Miners Appearing on Websites

Posted: Fri Oct 27, 2017 2:38 am
by smed79

Re: Silent Crypto Miners Appearing on Websites

Posted: Fri Oct 27, 2017 10:00 am
by gotitbro
Yes I read about that. Just goes onto show their "security". Thankfully the hacker didn't do something nefarious such as spreading malware just changed the settings to get the all Monero mined for the websites for himself.

He apparently found their password from the 2014 Kickstarter data leak. I can't believe they didn't change their passwords after that.

Re: Silent Crypto Miners Appearing on Websites

Posted: Sat Oct 28, 2017 7:12 am
by smed79
? WhoRunsCoinhive => http://www.whorunscoinhive.com/thelist

Re: Silent Crypto Miners Appearing on Websites

Posted: Sun Oct 29, 2017 4:29 pm
by gotitbro
Nice website. I do not understand what they mean by "Coinhive Site Key". Is it the same as Google Analytics, FB website tags?

Re: Silent Crypto Miners Appearing on Websites

Posted: Sun Oct 29, 2017 5:42 pm
by smed79
e.g kickass.cd ==> http://i.imgur.com/AOw3on1.png (joztQmQ87OjS1....).

"the ‘site key’ is a unique identifier to indicate which beneficiary will be paid" - Coinhive’s documentation.

Re: Silent Crypto Miners Appearing on Websites

Posted: Sun Oct 29, 2017 7:32 pm
by gotitbro
So, the site keys that are listed and contain multiple domains probably belong to one person/entity?
Eg: http://www.whorunscoinhive.com/coinhive_id/OT1CIcpkIOCO7yVMxcJiqmSWoDWOri06

Also when tried to search kickass.cd on the whorunscoinhive.com website it did not detect it :/