• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Cryptojacking: Over 2,500 Websites Out There to Steal Your CPU Time

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
46,274 (7.69/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
Cryptojacking is a new phenomenon, which was popularized by ThePirateBay embedding its website with a Javascript-based crypto-currency miner. It quickly sprung up the debate on whether crypto-currency miners hidden into web-pages could become the revenue model of the future, replacing online advertising or paid subscriptions. Some commentators argue that it's fine as long as users are made sufficiently aware that a website is embedding a miner, and is presented with a choice between ads and the miner. Others were steadfast against the idea as heavy Internet browsing (across multiple tabs), could bring down computers to a crawl, and have a more than tangible impact on electricity bills.

According to an ArsTechnica report, there could be at least 2,500 websites out there, with embedded crypto-currency miners that are hidden from the users. Willem de Groot, an independent cybersecurity researcher told the publication that he estimates JS miners may have proliferated to 2,496 websites, and its adoption is on the rise. Some dishonest websites embed miners as a revenue source in addition to ads and sponsored content. At the heart of the controversy is Coinhive. This company sells easy-to-integrate crypto-currency miners that can be embedded into websites as a revenue source. The company is on a marketing overdrive, writing to siteops and bloggers to spread their miners.



The softest targets of Coinhive appear to be Wordpress blogs that are struggling to make money off cheap ads. This is a troubling trend because blogs that don't disclose running embedded miners risk reducing the credibility of the blogging platform they're based on (Wordpress, Blogger) as a whole, readers would avoid emerging blogs as they'd fear running into hidden miners.

Making matters worse, neither Google, nor Mozilla, have come up with anti-miner measures built into Chrome or Firefox. Ad-block Plus, the popular browser extension that disables web ads, introduced a feature that disables scripts that exhibit mining behavior, with a nascent degree of heuristics. You can also install this Chrome extension to weed-out Coinhive scripts. The more experienced users among you can edit your Hosts file to nullroute Coinhive. Popular anti-virus vendors such as Kaspersky and McAfee, which include anti-phishing features with their software, have set out to identify and block sites with embedded miners.

View at TechPowerUp Main Site
 
Joined
Mar 6, 2012
Messages
563 (0.13/day)
Processor i5 4670K - @ 4.8GHZ core
Motherboard MSI Z87 G43
Cooling Thermalright Ultra-120 *(Modded to fit on this motherboard)
Memory 16GB 2400MHZ
Video Card(s) HD7970 GHZ edition Sapphire
Storage Samsung 120GB 850 EVO & 4X 2TB HDD (Seagate)
Display(s) 42" Panasonice LED TV @120Hz
Case Corsair 200R
Audio Device(s) Xfi Xtreme Music with Hyper X Core
Power Supply Cooler Master 700 Watts
How about you block the domain coinhive.com from your firewall ? Or just block in your OS ? Will that not help ?

EDIT: Never mind, found out anti mining extension for chrome.
 
Last edited:
Joined
Jul 16, 2014
Messages
8,115 (2.29/day)
Location
SE Michigan
System Name Dumbass
Processor AMD Ryzen 7800X3D
Motherboard ASUS TUF gaming B650
Cooling Artic Liquid Freezer 2 - 420mm
Memory G.Skill Sniper 32gb DDR5 6000
Video Card(s) GreenTeam 4070 ti super 16gb
Storage Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Steeseries Esports Wireless
Keyboard Corsair K100
Software windows 10 H
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
so is there an actual list of websites that have been caught mining?
 
Joined
Dec 14, 2016
Messages
134 (0.05/day)
upon recent reddit threat (don't ask me where exactly) I switched from ABP to uBlock and never encounter any chrome tab using high CPU load since TBP announcement.
Plus it is more efficient against cunt sites that blocks ad-block users and all site that phishing for tracking user activity.
 
Joined
Mar 26, 2006
Messages
517 (0.08/day)
Location
Stamford, UK
System Name The Money Sink
Processor Intel i7-5960X at 4.60Ghz
Motherboard MSI X99A Godlike
Cooling Custom watercooling loop, single D5 -> CPU, dual D5 -> GPU's
Memory 64GB DDR4-3000
Video Card(s) 2 x 1080Ti @ Stock for the moment (40oC LOAD)
Storage 960GB Mushkin Scorpion Deluxe and 2 x 512GB M.2 SSD RAID0
Display(s) Dual Curved LG 34" Display
Power Supply EVGA 1600W G2
Software Windows 10
Benchmark Scores ALOT
I don't really get it, I would MUCH rather do this than have ads thrown at me left, right and center!
 

SARVAMANGALAM

New Member
Joined
May 30, 2017
Messages
23 (0.01/day)
This "earning" is everywhere.. just in slovakia they find over 250 web . s.
first find was catch on infamous "msm" server
dennikn.sk
And informed about this on safe news web server DSL.sk, 27.9.2017 : http://www.dsl.sk/article.php?article=20260
http://www.dsl.sk/article.php?article=20354&title= DSL.sk, 22.10.2017

http://www.dsl.sk/article.php?article=20264


use yandex to translate

I recommend for all always use the anti-crypto add in your browser + antivir just like addblocks is now in browsers for years ..
 
Last edited:
Joined
May 4, 2012
Messages
985 (0.23/day)
Location
Ireland
I don't really get it, I would MUCH rather do this than have ads thrown at me left, right and center!
There are many scenarios where you’d rather see ads than mine crypto currency.

-Some of these scripts can use up all 100% of CPU resources.
-There are lots of slow machines that actually need all CPU power just to display 720p video content.
-People that keep 50 tabs open in their browsers.
-Gaming while you have browser with couple of tabs open.

The idea is quite good but people must be aware of that and should have an option to stop/pause it.
 
Joined
May 29, 2012
Messages
514 (0.12/day)
System Name CUBE_NXT
Processor i9 12900K @ 5.0Ghz all P-cores with E-cores enabled
Motherboard Gigabyte Z690 Aorus Master
Cooling EK AIO Elite Cooler w/ 3 Phanteks T30 fans
Memory 64GB DDR5 @ 5600Mhz
Video Card(s) EVGA 3090Ti Ultra Hybrid Gaming w/ 3 Phanteks T30 fans
Storage 1 x SK Hynix P41 Platinum 1TB, 1 x 2TB, 1 x WD_BLACK SN850 2TB, 1 x WD_RED SN700 4TB
Display(s) Alienware AW3418DW
Case Lian-Li O11 Dynamic Evo w/ 3 Phanteks T30 fans
Power Supply Seasonic PRIME 1000W Titanium
Software Windows 11 Pro 64-bit
Joined
Jan 31, 2012
Messages
2,452 (0.55/day)
Location
Bulgaria
System Name Sandfiller
Processor I5-10400
Motherboard MSI MPG Z490 GAMING PLUS
Cooling Noctua NH-L9i (92x25mm fan)
Memory 32GB Corsair LPX 2400 Mhz DDR4 CL14
Video Card(s) MSI RX 5700 XT GAMING X
Storage Intel 670P 512GB
Display(s) 2560x1080 LG 29" + 22" LG
Case SS RV02
Audio Device(s) Creative Sound Blaster Z
Power Supply Fractal Design IntegraM 650W
Mouse Logitech Triathlon
Keyboard REDRAGON MITRA
Software Windows 11 Home x 64
I don't really get it, I would MUCH rather do this than have ads thrown at me left, right and center!

Ahahaha. You made me LoL :)

Ontopic: I have "Family shield" DNS on the router + uBlock + paid license for BitDefender Internet Security + Malwarebytes Free, which I fire up from time to time. No 3rd party mining on my RIG. On a side note the paid version of bitdefender seems worse to me than the free version.
 
Joined
Aug 2, 2012
Messages
1,759 (0.41/day)
Location
Netherlands
System Name TheDeeGee's PC
Processor Intel Core i7-11700
Motherboard ASRock Z590 Steel Legend
Cooling Noctua NH-D15
Memory Crucial Ballistix 3200/C16 4x8GB
Video Card(s) Nvidia RTX 4070 Ti 12GB
Storage Crucial P5 Plus 2TB / Crucial P3 Plus 2TB / Crucial P3 Plus 4TB
Display(s) EIZO CX240
Case Fractal Design Define 7
Audio Device(s) Creative Sound Blaster ZXR, AKG K601 Headphones
Power Supply Seasonic Fanless TX-700
Mouse Logitech G500s
Keyboard Keychron Q6
Software Windows 10 Pro 64-Bit
Benchmark Scores None, as long as my games runs smooth.
If you use ublock origin you can also subscribe to the "Resource Abuse" filter list and not have to install another third party browser extension.
Just noticed that filter, it's enabled by default it seems :)

Good stuff!
 
Joined
Oct 2, 2004
Messages
13,791 (1.94/day)
I've also asked developers of Ghostery if they plan including crypto miners into their block lists. Still waiting for response.
 
Joined
Mar 9, 2009
Messages
227 (0.04/day)
Location
Denmark
Processor Intel I7 4790k
Motherboard MSI Z87 - G45
Cooling Noctua NH-D15S
Memory 16gb 1600mhz (2000mhz OC)
Video Card(s) Gigabyte GTX 1080
Storage 750gb + 256gb ssd, 2TB HDD
Display(s) Samsung C24fg70 144hz
Case Fractal Design Define C
Audio Device(s) Motherboard, Realtek
Power Supply CM Silent Pro M1000
Mouse Roccat Kone XTD
Keyboard HyperX Alloy FPS Mechanical Gaming Keyboard
Software Windows 10 x64

Thanks m8.
While on the topic of extensions, do you know of any extension to block web pages from "bypassing" an adblock? :p I got adblock Origin but some sites tell me to disable it to view the content :c..
 
Joined
Oct 2, 2004
Messages
13,791 (1.94/day)
Thanks m8.
While on the topic of extensions, do you know of any extension to block web pages from "bypassing" an adblock? :p I got adblock Origin but some sites tell me to disable it to view the content :c..

uBlock has "Anti AdBlock" rules. Enable "Adblock Warning Removal list" and "Anti AdBlock Killer". Though some pages will still complain...
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
40,435 (6.61/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
Mining botnet
 
Joined
Feb 9, 2009
Messages
1,618 (0.29/day)
There are many scenarios where you’d rather see ads than mine crypto currency.

-Some of these scripts can use up all 100% of CPU resources.
-There are lots of slow machines that actually need all CPU power just to display 720p video content.
-People that keep 50 tabs open in their browsers.
-Gaming while you have browser with couple of tabs open.

The idea is quite good but people must be aware of that and should have an option to stop/pause it.
can we get some benchmarks? i'm not sure if (modern browser) JS is capable of low cpu priority or any other relevant checks

-chrome/ium was adding some javascript background tab throttle feature, did that come out?
-does coinhive stuff scale across multiple cores?
-is it only running on the active tab? (that would be nice of them, it's possible since they gave a responsibility message a few weeks ago, i havent tested, consider how ads are only seen on the active tab so it makes sense)
-there are many one click methods to block ads or mining, meaning the situation hasnt changed much, the user still has tons of control, so in that case mining can be considered nicer & something many people may choose to temporarily not block or whitelist on certain sites or time periods
 
Top