Websites using your computer to mine Cryptocurrency


#1

So yesterday NairobiWire was caught with code on its website that mines Cryptocurrency the minute you open any page. The code has magically disappeared but thanks to the internet it lives on.

Today I go to BusinessDaily and all of a sudden KIS (Kaspersky Internet Security) starts going haywire, saying it blocked a malicious link.

I couldn’t see the code, but when I inspected the page, well, BusinessDaily as well may be culpable.

And another

Are we losing ethics?


#2

Most sites want to get rid of ads and instead have a miner. This would be a perfect solution if it was not forced on all users and there was an option to opt-out.

Piratebay made this story blow up with a recent test on their site.

WHAT TO DO

Most Adblock plugins are blacklisting the scripts already (uBlock Origin is already doing it). This will take some time though.

You can add this to your adblock plugin’s custom filter list to block the miners.

https://raw.githubusercontent.com/keraf/NoCoin/master/src/blacklist.txt

The other alternative is to disable scripts from running automatically. You can whitelist sites that you trust.

Here are some add-ons you can use to do that

Chrome - https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf?hl=en

Firefox - https://addons.mozilla.org/en-US/firefox/addon/noscript/
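
Added example, not part of the original post: a Node.js sketch of the check a blocklist-based blocker performs, matching a page's external script URLs against wildcard patterns. The one-pattern-per-line list format, the `miner.example` host, and all function names are assumptions made for illustration.

```javascript
// Constructed sample data: miner.example is a placeholder host, not a real indicator.
const SAMPLE_LIST = `
# assumed format: one wildcard URL pattern per line, "#" starts a comment
*://miner.example/lib/*
*://*.miner.example/*
`;
const SAMPLE_PAGE = `
<script src="https://code.jquery.example/jquery.min.js"></script>
<script async src='https://cdn.miner.example/worker.js'></script>
<script>var inline = 1;</script>
<script src="//miner.example/lib/m.js"></script>
`;

// Turn a wildcard pattern into an anchored RegExp ("*" matches any run of characters).
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$", "i");
}

// Parse the list text, skipping blank lines and comments.
function parseList(text) {
  return text.split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line && !line.startsWith("#"))
    .map((line) => ({ pattern: line, re: patternToRegExp(line) }));
}

// Collect external script URLs; protocol-relative URLs inherit the page scheme.
function scriptSources(html, pageScheme = "https") {
  const out = [];
  const re = /<script\b[^>]*?\bsrc\s*=\s*(["'])(.*?)\1/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    out.push(m[2].startsWith("//") ? pageScheme + ":" + m[2] : m[2]);
  }
  return out;
}

// Report each script URL that matches a list entry, with the pattern that caught it.
function findBlockedScripts(html, listText) {
  const rules = parseList(listText);
  const hits = [];
  for (const url of scriptSources(html)) {
    const rule = rules.find((r) => r.re.test(url));
    if (rule) hits.push({ url, pattern: rule.pattern });
  }
  return hits;
}
console.log(findBlockedScripts(SAMPLE_PAGE, SAMPLE_LIST));
```

Inline scripts and scripts added after page load never appear in the static HTML, so this only shows the matching step; a browser extension applies the same match to every outgoing request.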


#3

This thing began like a week ago. I logged in to Nairobi Wire and noticed my laptop's FAN (which is mostly passive and silent) whining to the rooftop. In less than a minute, the laptop was super hot. Opened the task manager and realized one of Chrome's tabs was using the CPU 100%. Killed the process and it was the Nairobi Wire tab that was closed.

Tried to login at Nairobi Wire and the same thing happened. Haven’t logged in since. Why do people use dubious ways to make money, like Ghafla? The guys have tons of videos on a single webpage that play in silent mode when you are trying to read an article.

Did some little search and noticed that traffic for such websites like Ghafla dropped from 800K per month to a mere 40K and they don’t seem to get it. Same case with Nairobi Wire from 750K per month to like 38K per month.


#4

The Guardian has a story about this. Ads don’t work so websites are using your electricity to pay the bills.


#5

I don’t understand code, but to ask: when I open the Business Daily site on my phone or tablet, an audio icon appears in the notification bar but no video or audio is playing. Should this worry me?


#6

Media is playing in the background. Sometimes they don’t show up until like you are about to scroll to the bottom of the webpage. Chrome made it difficult to notice the media because of the new Chrome updates that automatically mute the media but the media continues to play in mute mode. It does not make sense why they had to include that feature since it makes it difficult to notice the type of media playing on the website you have visited.

Sometimes you scroll to the bottom of the webpage then the video shows up, or at times after you scroll to the bottom and scroll back to the top of the website you notice the video popped up in a place where you had already scrolled through while reading the article but the media was not there at that time.


#7

Thanks for this Boaz. It was resourceful for this piece I did.


#8

So Nairobi Wire claims that the code was injected without their knowledge, MemeBurn also claimed the same. It could be true, but that shows a pattern. Are these websites using the same developer? Highly unlikely, yet they all suffer from the same “ailment” of a foreign developer secretly injecting a code into their system.

The bigger question is, no one noticed, during testing of course, that the website was taking up CPU load? In my line of work, I have not to believe everything said by corporates, especially in defence.

Only Pirate Bay accepted that they put in the code themselves and explained why.

At the moment, we’re waiting for BD to let us know their PR explanation of what happened.


#9

Reminds me of Shaggy - It wasn’t me.