bbc.reporter (OP)
Legendary
Offline
Activity: 3122
Merit: 1491
|
|
September 25, 2017, 01:33:28 AM |
|
Spoetnik reported Piratebay's dirty tactic in mining some free Monero at the expense of their users' hardware and electricity last week. It has opened everyone's eyes about the possibility that other websites or services might also use this exploit. There is another one today in the form of a Chrome extension called Safebrowse, and this is the statement released from their team. Unfortunately we have no knowledge, apparently has been a hack. I'm currently researching, I have already contacted the Google team. The extension has not received an update for months, so I do not know what it's all about.But how do we know that they are not lying? The authors of SafeBrowse, a Chrome extension with more than 140,000 users, have embedded a JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent.
The additional code drives CPU usage through the roof, making users computers sluggish and hard to use.
SafeBrowse uses same technology tested by The Pirate Bay The intrusive and highly damaging behavior was noticed almost immediately, as the extension's Web Store page has filled up in the past few hours with negative reviews decrying the surge in CPU resource usage.Read the full article https://www.bleepingcomputer.com/news/security/chrome-extension-embeds-in-browser-monero-miner-that-drains-your-cpu/
|
| | . .Duelbits│SPORTS. | | | ▄▄▄███████▄▄▄ ▄▄█████████████████▄▄ ▄███████████████████████▄ ███████████████████████████ █████████████████████████████ ███████████████████████████████ ███████████████████████████████ ███████████████████████████████ █████████████████████████████ ███████████████████████████ ▀████████████████████████ ▀▀███████████████████ ██████████████████████████████ | | | | ██ ██ ██ ██
██ ██ ██ ██
██ ██ ██ | | | | ███▄██▄███▄█▄▄▄▄██▄▄▄██ ███▄██▀▄█▄▀███▄██████▄█ █▀███▀██▀████▀████▀▀▀██ ██▀ ▀██████████████████ ███▄███████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ▀█████████████████████▀ ▀▀███████████████▀▀ ▀▀▀▀█▀▀▀▀ | | OFFICIAL EUROPEAN BETTING PARTNER OF ASTON VILLA FC | | | | ██ ██ ██ ██
██ ██ ██ ██
██ ██ ██ | | | | 10% CASHBACK 100% MULTICHARGER | │ | | │ |
|
|
|
Febo
Legendary
Offline
Activity: 2730
Merit: 1288
|
|
September 25, 2017, 01:40:35 AM |
|
You can donate to charity just by hanging on this website: https://www.charity-miner.org/ Current Charity: American Red Cross: Disaster Relief
|
|
|
|
BountyX
|
|
September 25, 2017, 01:41:08 AM |
|
It is a total irony that it happened on a product called Safebrowser. Almost Orwellian.
|
|
|
|
wxa7115
|
|
September 25, 2017, 03:15:28 AM |
|
Thanks I did not knew about the piratebay tactics, however this is why I’m against filling your browser with code by people that you do not know their intentions, it is better to try to keep things at the minimum if you are going to use any extension at all in order to avoid opening yourself to possible attacks.
|
|
|
|
Siren
|
|
September 25, 2017, 03:54:38 AM |
|
Spoetnik reported Piratebay's dirty tactic in mining some free Monero at the expense of their users' hardware and electricity last week. It has opened everyone's eyes about the possibility that other websites or services might also use this exploit. There is another one today in the form of a Chrome extension called Safebrowse, and this is the statement released from their team. Unfortunately we have no knowledge, apparently has been a hack. I'm currently researching, I have already contacted the Google team. The extension has not received an update for months, so I do not know what it's all about.But how do we know that they are not lying? The authors of SafeBrowse, a Chrome extension with more than 140,000 users, have embedded a JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent.
The additional code drives CPU usage through the roof, making users computers sluggish and hard to use.
SafeBrowse uses same technology tested by The Pirate Bay The intrusive and highly damaging behavior was noticed almost immediately, as the extension's Web Store page has filled up in the past few hours with negative reviews decrying the surge in CPU resource usage.Read the full article https://www.bleepingcomputer.com/news/security/chrome-extension-embeds-in-browser-monero-miner-that-drains-your-cpu/Thanks mate. I know about the piratebay but I haven't read about this Chrome extension that's only coming with the similar tactics of using unsuspecting victims to mine Monero. Is it just that easy to mine it though? That's why I have a dedicated laptop just being used for my bitcoin activity only. (sig campaigns, trading) and I don't download anything. Just my anti-virus to go and firewall. Just sad though, that you don't have a slight suspicion that someone is harnessing your CPU for their own benefit. We need to be careful anything from the net, specially about crypto's because it is taking the world by storm and everyone one to take a slice of the pie.
|
|
|
|
Febo
Legendary
Offline
Activity: 2730
Merit: 1288
|
|
September 25, 2017, 12:51:52 PM |
|
... That's why I have a dedicated laptop just being used for my bitcoin activity only. (sig campaigns, trading) and I don't download anything. Just my anti-virus to go and firewall. Just sad though, that you don't have a slight suspicion that someone is harnessing your CPU for their own benefit. We need to be careful anything from the net, specially about crypto's because it is taking the world by storm and everyone one to take a slice of the pie.
I dont think you are cautious enough. If you have 2 computers then use one just for wallets you trust 100%. Nothing else. And another computer for everything else, including some new coins signature campaigns where you download their wallets, that can actually be a malware. But since you have nothing valuable in any other wallet on this computer you are perfectly safe.
|
|
|
|
Cicada1033
|
|
September 25, 2017, 01:03:23 PM |
|
The website https://neotogas.com/ did also run that script several days ago. My webbrowser was suddenly eating all my cpu power so I got suspicious and checkt the website's source code. But I checked it again befor writing this post and they don't do it anymore. I guess they just did a test run.
|
|
|
|
Red-Apple
|
|
September 25, 2017, 01:28:29 PM |
|
that is just another reason for disabling things such as JavaScript in your browser. it is no longer a privacy improvement matter. these things are known to cause a lot of issues and open up a lot of "holes" in your security. when your browser can simply run a script god knows what are the things that are being run by sites you visit.
|
--signature space for rent; sent PM--
|
|
|
13abyknight
|
|
September 25, 2017, 01:46:01 PM |
|
More and more websites and services are beginning to play these dirty tactics on their users for free money and its only about to get worse as more sites use these miners. Piratebay mining from visitors staying on their webpage seems pretty okay as they rely on donations to run and keep up their servers but a for a famous service like Safebrowse, it looks like a desperate attempt at tricking its userbase for some quick money.
|
|
|
|
Cicada1033
|
|
September 25, 2017, 01:58:15 PM |
|
More and more websites and services are beginning to play these dirty tactics on their users for free money and its only about to get worse as more sites use these miners. Piratebay mining from visitors staying on their webpage seems pretty okay as they rely on donations to run and keep up their servers but a for a famous service like Safebrowse, it looks like a desperate attempt at tricking its userbase for some quick money.
It would actually be okey for me if they would tell you about it or if they would make it optional. If they do it secretly people will find out very quick that something is wrong and if they do it will massivly backfire. All people I told about this incident were really upset that the website hosters are doing this sectretly.
|
|
|
|
carlisle1
|
|
September 25, 2017, 02:03:10 PM |
|
I'm not familiar with that website but its alarming to see that, after piratebay and now also those fuacets like moonbit and freebit are also offering this mining using cpu of our computers I'm not sure how profitable it is, but sorry if its not really related but I think it will showed more website who's using the same.
|
|
|
|
electronicash
Legendary
Offline
Activity: 3234
Merit: 1055
|
|
September 25, 2017, 02:12:27 PM |
|
when you thought they are somehow very noble on creating such site for we all can share files even from being very apart, they were also doing something else behind the scene. they could have just ask the pirates after all all are going to be willing to help. i'm not aware of this safebrowser but if its all bout the need of money - any noble one can turn to a greedy monster. its all for the money still.
|
|
|
|
HardFireMiner
|
|
September 25, 2017, 02:23:59 PM |
|
So, any chance bitcointalk will start mining with javascript anytime soon?
|
|
|
|
BTCLovingDude
Legendary
Offline
Activity: 1134
Merit: 1010
BTC to the moon is inevitable...
|
|
September 25, 2017, 02:31:22 PM |
|
More and more websites and services are beginning to play these dirty tactics on their users for free money and its only about to get worse as more sites use these miners.
what are these "many" sites that are doing this? i have never encountered any of them except for hearing news like what OP shared! and don't forget that if they hide it, their reputation is ruined in less than a day because browser mining with a lot of pressure on the CPU is not something you can hide and even if the pressure is low it won't stay hidden for long. someone will eventually find it and that only takes an hour on popular sites and a little longer on smaller ones.
|
--looking for signature--
|
|
|
random8888
Member
Offline
Activity: 83
Merit: 10
Another day another dollar
|
|
September 25, 2017, 03:03:19 PM |
|
and this is the reason why i never install extensions unless they are from highly reputable authors.
|
|
|
|
sunk818
|
|
September 25, 2017, 07:32:49 PM |
|
this is coin-hive. the developer is working on a system where you have to explicitly opt-in to mine. the developer originally allowed the miner to start without opt-in and that is the reason why it got on the adblocker list.
monero difficulty is too high but javascript cpu mining, but they mentioned getting 10% of the total network hashrate through coin-hive. I think they're better off doing some sort of multipool to mine the most profitable coin that is cpu friendly and then trade that out for an altcoin. hopefully as atomic swap becomes a reality for more altcoins, this model could really sustain a web site in the future.
|
|
|
|
bitblaster
Member
Offline
Activity: 111
Merit: 11
Bit Blaster
|
|
September 25, 2017, 11:40:02 PM |
|
I suggest they place a notice that they would be mining a bit of coins. If the users are well informed and agree with that, it's okay. But stealing CPU power is not fair. I hope this was just a test !
|
|
|
|
bbc.reporter (OP)
Legendary
Offline
Activity: 3122
Merit: 1491
|
|
September 26, 2017, 01:01:04 AM |
|
Maybe instead of Monero this webminer is also mining Aeon. There has been a very large increase in Aeon's hashrate again, and there are presumptions that it could be a botnet.
@Febo. You are most familiar with Monero and Aeon. What are your viewpoints on Aeon's increase in hashrate? Is it a botnet?
|
| | . .Duelbits│SPORTS. | | | ▄▄▄███████▄▄▄ ▄▄█████████████████▄▄ ▄███████████████████████▄ ███████████████████████████ █████████████████████████████ ███████████████████████████████ ███████████████████████████████ ███████████████████████████████ █████████████████████████████ ███████████████████████████ ▀████████████████████████ ▀▀███████████████████ ██████████████████████████████ | | | | ██ ██ ██ ██
██ ██ ██ ██
██ ██ ██ | | | | ███▄██▄███▄█▄▄▄▄██▄▄▄██ ███▄██▀▄█▄▀███▄██████▄█ █▀███▀██▀████▀████▀▀▀██ ██▀ ▀██████████████████ ███▄███████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ▀█████████████████████▀ ▀▀███████████████▀▀ ▀▀▀▀█▀▀▀▀ | | OFFICIAL EUROPEAN BETTING PARTNER OF ASTON VILLA FC | | | | ██ ██ ██ ██
██ ██ ██ ██
██ ██ ██ | | | | 10% CASHBACK 100% MULTICHARGER | │ | | │ |
|
|
|
Tipstar
|
|
September 26, 2017, 02:25:46 AM |
|
Browser mining is being considered an alternative earning strategy for a website. Priatesbay's ads replacement seems okay with the nature of the site. In safebrowse case, they were supposed to block such activities rather than do it themselves. They were probably hacked.
|
|
|
|
SamboNZ
|
|
September 26, 2017, 02:37:57 AM |
|
Installing extensions is also like saying feel free to hack my device/machine.
I dont know whats this safebrowse is but i dont add extensions cos you dont know what it may contain.
|
|
|
|
|