Hacker
Professional
- Messages
- 1,043
- Reaction score
- 844
- Points
- 113
As antivirus developers from ESET found out, in the last few months, fraudsters began to secretly mine Feathercoin, Litecoin and Monero cryptocurrencies using users browsers and computers while they are on the site.
And if The Pirate Bay itself implemented a JavaScript miner in the site code as an experimental way to earn money, then hackers tried to cash in through many other resources.
How is mining hidden?
For hidden cryptocurrency mining, you don't need to hack your computer and install a Trojan. As long as the user has a page with a malicious script open in the browser, the processor will mine unnoticed.
Most often, popular sites that usually spend a relatively long time on are at risk. These are mostly resources with streaming pirated videos and games that load the processor even without web miners.
The problem is easy to suspect - the processor load increases dramatically up to one hundred percent. The attackers secretly mined cryptocurrency mainly through ten sites. According to the ESET report, other, smaller resources accounted for up to 14% of web miner traffic.
How to monitor CPU usage
Senior virus analyst at ESET Anton Cherepanov, in a conversation with TJ, recommended using system programs to monitor processor activity. In macOS, this is "System Monitoring" (Activity Monitor), in Windows - "Task Manager".
How to avoid hidden mining
Disable JavaScript on sites that suspiciously load the processor.
JavaScript is enabled in major browsers by default. If you disable it, most sites will no longer work correctly, so you should regulate its use separately for each site. This is done in the browser settings. Let's show you the example of Google Chrome:
Settings → Privacy and Security → Content Settings → JavaScript.
Install the Web Miner blocker extension
For each browser, there are add-ons that are designed to block scripts, ads, and other content, such as ScriptBlock, ScriptSafe, and NoScript. There is a suitable No Coin extension for Google Chrome.
In a conversation with TJ, Cherepanov said that on behalf of the company he could not recommend any specific program, and offered to choose it "to your liking."
Don't turn off your antivirus software
Antivirus companies recommend enabling detection of potentially unwanted applications in their products. In ESET products, the web miner is displayed as JS/CoinMiner. A.
Kaspersky Lab told TJ that all of its products are capable of detecting such threats. The company's website states that web miners fall into the category of software that is "legal in itself, but can be used for malicious purposes" (Riskware).
And if The Pirate Bay itself implemented a JavaScript miner in the site code as an experimental way to earn money, then hackers tried to cash in through many other resources.
How is mining hidden?
For hidden cryptocurrency mining, you don't need to hack your computer and install a Trojan. As long as the user has a page with a malicious script open in the browser, the processor will mine unnoticed.
Most often, popular sites that usually spend a relatively long time on are at risk. These are mostly resources with streaming pirated videos and games that load the processor even without web miners.
The problem is easy to suspect - the processor load increases dramatically up to one hundred percent. The attackers secretly mined cryptocurrency mainly through ten sites. According to the ESET report, other, smaller resources accounted for up to 14% of web miner traffic.
- okino.tv
- gtavicecity.ru
- flashplayer.ru
- online.cd
- wotsite.net
- apitech.ru
- filmi-hd.ru
- jut.su
- wowgaid.ru
- youmult.net
How to monitor CPU usage
Senior virus analyst at ESET Anton Cherepanov, in a conversation with TJ, recommended using system programs to monitor processor activity. In macOS, this is "System Monitoring" (Activity Monitor), in Windows - "Task Manager".
How to avoid hidden mining
Disable JavaScript on sites that suspiciously load the processor.
JavaScript is enabled in major browsers by default. If you disable it, most sites will no longer work correctly, so you should regulate its use separately for each site. This is done in the browser settings. Let's show you the example of Google Chrome:
Settings → Privacy and Security → Content Settings → JavaScript.
Install the Web Miner blocker extension
For each browser, there are add-ons that are designed to block scripts, ads, and other content, such as ScriptBlock, ScriptSafe, and NoScript. There is a suitable No Coin extension for Google Chrome.
In a conversation with TJ, Cherepanov said that on behalf of the company he could not recommend any specific program, and offered to choose it "to your liking."
Don't turn off your antivirus software
Antivirus companies recommend enabling detection of potentially unwanted applications in their products. In ESET products, the web miner is displayed as JS/CoinMiner. A.
Kaspersky Lab told TJ that all of its products are capable of detecting such threats. The company's website states that web miners fall into the category of software that is "legal in itself, but can be used for malicious purposes" (Riskware).
