SafeBrowse chrome extension hides a cpu draining trojan

mouser:
SafeBrowse, a Chrome extension with more than 140,000 users, contains an embedded JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent. The additional code drives CPU usage through the roof, making users' computers sluggish and hard to use.

--- End quote ---


https://slashdot.org/story/17/09/23/1816214/popular-chrome-extension-embedded-a-cpu-draining-cryptocurrency-miner





From https://www.bleepingcomputer.com/news/security/chrome-extension-embeds-in-browser-monero-miner-that-drains-your-cpu/

Deozaan:
Showtime's websites recently did the same thing:

The flagship Showtime.com and its instant-access ShowtimeAnytime.com sibling silently pulled in code that caused browsers to blow spare processor time calculating new Monero coins – a privacy-focused alternative to the ever-popular Bitcoin. The hidden software typically consumed as much as 60 per cent of CPU capacity on computers visiting the sites.

[...]

However, it's extremely unlikely that a large corporation like CBS would smuggle such a piece of mining code onto its dot-coms – especially since it charges subscribers to watch the hit TV shows online – suggesting someone hacked the websites' source code to insert the mining JavaScript and make a quick buck.
- https://www.theregister.co.uk/2017/09/25/showtime_hit_with_coinmining_script/
--- End quote ---

Shades:
There is talk about doing just this on sites that offer free content. This type of script should then replace banners/ads on those websites.

4wd:
NoCoin

No coin is a tiny browser extension aiming to block coin miners such as Coinhive.
--- End quote ---

I was looking at just doing a small GreaseMonkey/TamperMonkey script just to block them all; this is a bit better in that you can whitelist if you want.

The current blacklist it uses:

*://coin-hive.com/lib*
*://coin-hive.com/captcha*
wss://*.coin-hive.com/proxy*
*://jsecoin.com/server*
*://*.jsecoin.com/server*
*://static.reasedoper.pw/*
*://mataharirama.xyz/*
*://listat.biz/*
*://lmodr.biz/*
*://minecrunch.co/web/*
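
An added example, not part of the post above and not NoCoin's own code: a small JavaScript checker that applies the blacklist quoted above to request URLs, with a per-site whitelist. It is modelled on browser-extension match patterns; treating a `*` scheme as http/https/ws/wss, the `blockedBy` name and all sample URLs are assumptions of this sketch.

```javascript
// Blacklist entries copied from the post above.
const BLACKLIST = [
  "*://coin-hive.com/lib*", "*://coin-hive.com/captcha*",
  "wss://*.coin-hive.com/proxy*", "*://jsecoin.com/server*",
  "*://*.jsecoin.com/server*", "*://static.reasedoper.pw/*",
  "*://mataharirama.xyz/*", "*://listat.biz/*", "*://lmodr.biz/*",
  "*://minecrunch.co/web/*",
];

const escapeRe = (s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&");

// Compile one "scheme://host/path" pattern into a predicate over URLs.
function compile(pattern) {
  const m = /^(\*|[a-z]+):\/\/([^/]+)(\/.*)$/.exec(pattern);
  if (!m) throw new Error("unsupported pattern: " + pattern);
  const [, scheme, host, path] = m;
  // In the path, "*" matches any run of characters.
  const pathRe = new RegExp("^" + path.split("*").map(escapeRe).join(".*") + "$");
  return (url) => {
    let u;
    try { u = new URL(url); } catch (e) { return false; }
    const proto = u.protocol.slice(0, -1);
    const schemeOk = scheme === "*" ? /^(https?|wss?)$/.test(proto) : proto === scheme;
    const h = u.hostname.toLowerCase();
    // "*.example.com" covers the domain and its subdomains; a bare host is exact.
    const hostOk = host.startsWith("*.")
      ? h === host.slice(2) || h.endsWith(host.slice(1))
      : h === host;
    return schemeOk && hostOk && pathRe.test(u.pathname + u.search);
  };
}

const RULES = BLACKLIST.map((p) => ({ pattern: p, test: compile(p) }));

// Returns the blacklist entry that blocks the request, or null if it is allowed.
// pageHost is the site making the request; whitelisted sites are never blocked.
function blockedBy(requestUrl, pageHost, whitelist = []) {
  if (whitelist.includes(pageHost)) return null;
  const hit = RULES.find((r) => r.test(requestUrl));
  return hit ? hit.pattern : null;
}

// Constructed sample requests.
console.log(blockedBy("https://coin-hive.com/lib/miner.min.js", "news.example"));
console.log(blockedBy("https://www.coin-hive.com/lib/miner.min.js", "news.example"));
```

Under these semantics, entries with a bare host such as `*://coin-hive.com/lib*` do not cover subdomains, so the second sample request is not matched by the list as quoted.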

Deozaan:
Politifact is the latest site to be compromised with CoinHive:

https://www.engadget.com/2017/10/15/politifact-hijacked-by-cryptocurrency-mining-code/
