Bitcoin Forum
November 16, 2024, 05:09:03 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: After Piratebay it is Safebrowse  (Read 664 times)
bbc.reporter (OP)
Legendary
*
Offline Offline

Activity: 3122
Merit: 1491



View Profile
September 25, 2017, 01:33:28 AM
 #1

Spoetnik reported Piratebay's dirty tactic in mining some free Monero at the expense of their users' hardware and electricity last week. It has opened everyone's eyes about the possibility that other websites or services might also use this exploit.

There is another one today in the form of a Chrome extension called Safebrowse, and this is the statement released from their team.

Unfortunately we have no knowledge, apparently has been a hack. I'm currently researching, I have already contacted the Google team. The extension has not received an update for months, so I do not know what it's all about.

But how do we know that they are not lying?



The authors of SafeBrowse, a Chrome extension with more than 140,000 users, have embedded a JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent.

The additional code drives CPU usage through the roof, making users computers sluggish and hard to use.

SafeBrowse uses same technology tested by The Pirate Bay
The intrusive and highly damaging behavior was noticed almost immediately, as the extension's Web Store page has filled up in the past few hours with negative reviews decrying the surge in CPU resource usage.


Read the full article https://www.bleepingcomputer.com/news/security/chrome-extension-embeds-in-browser-monero-miner-that-drains-your-cpu/

.
.DuelbitsSPORTS.
▄▄▄███████▄▄▄
▄▄█████████████████▄▄
▄██████████████████████▄
██████████████████████████
███████████████████████████
██████████████████████████████
██████████████████████████████
█████████████████████████████
███████████████████████████
█████████████████████████
▀████████████████████████
▀▀███████████████████
██████████████████████████████
██
██
██
██

██
██
██
██

██
██
██
████████▄▄▄▄██▄▄▄██
███▄█▀▄▄▀███▄█████
█████████████▀▀▀██
██▀ ▀██████████████████
███▄███████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
▀█████████████████████▀
▀▀███████████████▀▀
▀▀▀▀█▀▀▀▀
OFFICIAL EUROPEAN
BETTING PARTNER OF
ASTON VILLA FC
██
██
██
██

██
██
██
██

██
██
██
10%   CASHBACK   
          100%   MULTICHARGER   
Febo
Legendary
*
Offline Offline

Activity: 2730
Merit: 1288



View Profile
September 25, 2017, 01:40:35 AM
 #2

You can donate to charity just by hanging on this website: https://www.charity-miner.org/ 
Current Charity: American Red Cross: Disaster Relief
BountyX
Full Member
***
Offline Offline

Activity: 352
Merit: 100



View Profile
September 25, 2017, 01:41:08 AM
 #3

It is a total irony that it happened on a product called Safebrowser. Almost Orwellian.

wxa7115
Hero Member
*****
Offline Offline

Activity: 2814
Merit: 734

Bitcoin is GOD


View Profile
September 25, 2017, 03:15:28 AM
 #4

Thanks I did not knew about the piratebay tactics, however this is why I’m against filling your browser with code by people that you do not know their intentions, it is better to try to keep things at the minimum if you are going to use any extension at all in order to  avoid opening yourself to possible attacks.
Siren
Sr. Member
****
Offline Offline

Activity: 826
Merit: 265



View Profile
September 25, 2017, 03:54:38 AM
 #5

Spoetnik reported Piratebay's dirty tactic in mining some free Monero at the expense of their users' hardware and electricity last week. It has opened everyone's eyes about the possibility that other websites or services might also use this exploit.

There is another one today in the form of a Chrome extension called Safebrowse, and this is the statement released from their team.

Unfortunately we have no knowledge, apparently has been a hack. I'm currently researching, I have already contacted the Google team. The extension has not received an update for months, so I do not know what it's all about.

But how do we know that they are not lying?



The authors of SafeBrowse, a Chrome extension with more than 140,000 users, have embedded a JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent.

The additional code drives CPU usage through the roof, making users computers sluggish and hard to use.

SafeBrowse uses same technology tested by The Pirate Bay
The intrusive and highly damaging behavior was noticed almost immediately, as the extension's Web Store page has filled up in the past few hours with negative reviews decrying the surge in CPU resource usage.


Read the full article https://www.bleepingcomputer.com/news/security/chrome-extension-embeds-in-browser-monero-miner-that-drains-your-cpu/

Thanks mate. I know about the piratebay but I haven't read about this Chrome extension that's only coming with the similar tactics of using unsuspecting victims to mine Monero. Is it just that easy to mine it though? That's why I have a dedicated laptop just being used for my bitcoin activity only. (sig campaigns, trading) and I don't download anything. Just my anti-virus to go and firewall. Just sad though, that you don't have a slight suspicion that someone is harnessing your CPU for their own benefit. We need to be careful anything from the net, specially about crypto's because it is taking the world by storm and everyone one to take a slice of the pie.
Febo
Legendary
*
Offline Offline

Activity: 2730
Merit: 1288



View Profile
September 25, 2017, 12:51:52 PM
 #6

...
 That's why I have a dedicated laptop just being used for my bitcoin activity only. (sig campaigns, trading) and I don't download anything. Just my anti-virus to go and firewall. Just sad though, that you don't have a slight suspicion that someone is harnessing your CPU for their own benefit. We need to be careful anything from the net, specially about crypto's because it is taking the world by storm and everyone one to take a slice of the pie.

I dont think you are cautious enough. If you have 2 computers then use one just for wallets you trust 100%. Nothing else.  And another computer for everything else, including some new coins signature campaigns where you download their wallets, that can actually be a malware.  But since you have nothing valuable in any other wallet on this computer you are perfectly safe.
Cicada1033
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
September 25, 2017, 01:03:23 PM
 #7

The website https://neotogas.com/ did also run that script several days ago. My webbrowser was suddenly eating all my cpu power so I got suspicious and checkt the website's source code.

But I checked it again befor writing this post and they don't do it anymore. I guess they just did a test run.

ModulTrade ║  DEMOCRATIZING GLOBAL TRADE WITH BLOCKCHAIN TECHNOLOGY  ║ ModulTrade
The Freedom To Trade▬▬▬▬▬▬▬▬▬▬ White Paper ▬▬▬▬▬▬▬▬▬▬The Freedom To Trade
FacebookMediumLinkedinTwitterTelegramReddit
Red-Apple
Hero Member
*****
Offline Offline

Activity: 1470
Merit: 655


View Profile
September 25, 2017, 01:28:29 PM
 #8

that is just another reason for disabling things such as JavaScript in your browser. it is no longer a privacy improvement matter. these things are known to cause a lot of issues and open up a lot of "holes" in your security. when your browser can simply run a script god knows what are the things that are being run by sites you visit.

--signature space for rent; sent PM--
13abyknight
Sr. Member
****
Offline Offline

Activity: 602
Merit: 252


View Profile
September 25, 2017, 01:46:01 PM
 #9

More and more websites and services are beginning to play these dirty tactics on their users for free money and its only about to get worse as more sites use these miners. Piratebay mining from visitors staying on their webpage seems pretty okay as they rely on donations to run and keep up their servers but a for a famous service like Safebrowse, it looks like a desperate attempt at tricking its userbase for some quick money.
Cicada1033
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
September 25, 2017, 01:58:15 PM
 #10

More and more websites and services are beginning to play these dirty tactics on their users for free money and its only about to get worse as more sites use these miners. Piratebay mining from visitors staying on their webpage seems pretty okay as they rely on donations to run and keep up their servers but a for a famous service like Safebrowse, it looks like a desperate attempt at tricking its userbase for some quick money.

It would actually be okey for me if they would tell you about it or if they would make it optional. If they do it secretly people will find out very quick that something is wrong and if they do it will massivly backfire. All people I told about this incident were really upset that the website hosters are doing this sectretly.

ModulTrade ║  DEMOCRATIZING GLOBAL TRADE WITH BLOCKCHAIN TECHNOLOGY  ║ ModulTrade
The Freedom To Trade▬▬▬▬▬▬▬▬▬▬ White Paper ▬▬▬▬▬▬▬▬▬▬The Freedom To Trade
FacebookMediumLinkedinTwitterTelegramReddit
carlisle1
Hero Member
*****
Offline Offline

Activity: 2744
Merit: 541

Campaign Management?"Hhampuz" is the Man


View Profile
September 25, 2017, 02:03:10 PM
 #11

I'm not familiar with that website but its alarming to see that, after piratebay and now also those fuacets like moonbit and freebit are also offering this mining
using cpu of our computers I'm not sure how profitable it is, but sorry if its not really related but I think it will showed more website who's using the same.
electronicash
Legendary
*
Offline Offline

Activity: 3234
Merit: 1055


View Profile WWW
September 25, 2017, 02:12:27 PM
 #12

when you thought they are somehow very noble on creating such site for we all can share files even from being very apart, they were also doing something else behind the scene. they could have just ask the pirates after all all are going to be willing to help. i'm not aware of this safebrowser but if its all bout the need of money - any noble one can turn to a greedy monster. its all for the money still.

    █▄       ▄                                            ████     ▐███▌                                                 
    ▐████▄ ▄██                                           █████     ████▌
    ▐█████████▌                                          █████     ████
▄▄▄▄▄███████  ▄▄▄▄▄▄▄▄                                   █████    █████                                 █████
  ▀█████▀▀  ▄██████████▄                   ████     ▄██████████████████████                             █████
    ▀▀  ▄▄██████████████                  █████     ██████████████████████                             ▄█████
    ▄██████▀██▀█████████     ▄██████   ▄██████████      ████     █████          ▄████████    ▄██████▄  █████  █████
    █████▀▀ ▀▀ ▀██████    ▄███████████ ███████████     ▐████     █████       ▄███████████  ██████████  ██████████████
    ███████ █ ██████    ▄█████▀ ▐█████  ▐█████         █████     █████      ▄██████▀ ████ █████▀  ▀██  ██████████████
    █████▄  ▄ ▄▄██████▌ ██████████████  ██████    ██████████████████████▄ ▄█████    █████ ████████     █████    █████
   ▐██████ ██ █████████ ████████████    █████▌    ▀██████████████████████ █████    ██████  ██████████ ▄████▀   ▄█████
   ████████████████████ ██████          █████          ████     █████     █████▄  ███████      ██████ █████    ██████
   ██████████████████   █████████████  ████████      ▄████    ▐████▌     ██████████████  ███████████ █████    █████
   ████████████████▀      ██████████     ███████▀     ████▀     ████▌     ████████▌ ███  ▀████████   █████    █████
|
  Bet on Future Blocks & Earn a Passive Income
         Supports Bitcoin, Ethereum, EOS and more!   
   🎰 Play Lottery
🎲 Play Dice
🍀Get Referral Bonus
    ▄████████▄
  █████▀█▀██████
 ████▄  ▄  ▀█████
██████▌ ▀▀▀ ▄████▌
██████▌ ███  ████▌
 ████      ▄▄████
  █████▄█▄█████▀
    ▀▀██████▀▀
    ▄▄███████▄
  ▄█████████████
 █████████▀ ▀▀███▄
▐███▌   ▀    ▐████
▐████        █████
 █████▀    ▄█████▀
  ▀█████████████
    ▀▀███████▀
   ▄▄███████▄▄
 ▄█████████████▄
▄████████▀▀   ███
████▀▀  ▄█▀  ████
██▄▄ ▄█▀     ████
▀█████      █████
 ▀████▄███▄ ███▀
    ▀███████▀
HardFireMiner
Full Member
***
Offline Offline

Activity: 872
Merit: 120



View Profile
September 25, 2017, 02:23:59 PM
 #13

So, any chance bitcointalk will start mining with javascript anytime soon? Cheesy

█  █  █  █    / / / / / / / /    Play Games, Earn Crypto!         █  █  █    \ \ \ \ \ \ \ \    Start Earning NOW by Playing Mind Improving Games!     █  █  █  █     \ \ \ \ \ \ \ \  Best Crypto Earning Games for Office Workers!       █  █  █  █  Free Withdrawals of BTC, Doge and ETH 
BTCLovingDude
Legendary
*
Offline Offline

Activity: 1134
Merit: 1010

BTC to the moon is inevitable...


View Profile WWW
September 25, 2017, 02:31:22 PM
 #14

More and more websites and services are beginning to play these dirty tactics on their users for free money and its only about to get worse as more sites use these miners.

what are these "many" sites that are doing this?
i have never encountered any of them except for hearing news like what OP shared! and don't forget that if they hide it, their reputation is ruined in less than a day because browser mining with a lot of pressure on the CPU is not something you can hide and even if the pressure is low it won't stay hidden for long. someone will eventually find it and that only takes an hour on popular sites and a little longer on smaller ones.

--looking for signature--
random8888
Member
**
Offline Offline

Activity: 83
Merit: 10

Another day another dollar


View Profile WWW
September 25, 2017, 03:03:19 PM
 #15

and this is the reason why i never install extensions unless they are from highly reputable authors.

sunk818
Full Member
***
Offline Offline

Activity: 1176
Merit: 111



View Profile WWW
September 25, 2017, 07:32:49 PM
 #16

this is coin-hive. the developer is working on a system where you have to explicitly opt-in to mine. the developer originally allowed the miner to start without opt-in and that is the reason why it got on the adblocker list.

monero difficulty is too high but javascript cpu mining, but they mentioned getting 10% of the total network hashrate through coin-hive. I think they're better off doing some sort of multipool to mine the most profitable coin that is cpu friendly and then trade that out for an altcoin. hopefully as atomic swap becomes a reality for more altcoins, this model could really sustain a web site in the future.

bitblaster
Member
**
Offline Offline

Activity: 111
Merit: 11

Bit Blaster


View Profile
September 25, 2017, 11:40:02 PM
 #17

I suggest they place a notice that they would be mining a bit of coins.  If the users are well informed and agree with that, it's okay. But stealing CPU power is not fair. I hope this was just a test !

bbc.reporter (OP)
Legendary
*
Offline Offline

Activity: 3122
Merit: 1491



View Profile
September 26, 2017, 01:01:04 AM
 #18

Maybe instead of Monero this webminer is also mining Aeon. There has been a very large increase in Aeon's hashrate again, and there are presumptions that it could be a botnet.

@Febo. You are most familiar with Monero and Aeon. What are your viewpoints on Aeon's increase in hashrate? Is it a botnet?

.
.DuelbitsSPORTS.
▄▄▄███████▄▄▄
▄▄█████████████████▄▄
▄██████████████████████▄
██████████████████████████
███████████████████████████
██████████████████████████████
██████████████████████████████
█████████████████████████████
███████████████████████████
█████████████████████████
▀████████████████████████
▀▀███████████████████
██████████████████████████████
██
██
██
██

██
██
██
██

██
██
██
████████▄▄▄▄██▄▄▄██
███▄█▀▄▄▀███▄█████
█████████████▀▀▀██
██▀ ▀██████████████████
███▄███████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
▀█████████████████████▀
▀▀███████████████▀▀
▀▀▀▀█▀▀▀▀
OFFICIAL EUROPEAN
BETTING PARTNER OF
ASTON VILLA FC
██
██
██
██

██
██
██
██

██
██
██
10%   CASHBACK   
          100%   MULTICHARGER   
Tipstar
Sr. Member
****
Offline Offline

Activity: 1946
Merit: 300


View Profile
September 26, 2017, 02:25:46 AM
 #19

Browser mining is being considered an alternative earning strategy for a website. Priatesbay's ads replacement seems okay with the nature of the site.
In safebrowse case, they were supposed to block such activities rather than do it themselves. They were probably hacked.
SamboNZ
Sr. Member
****
Offline Offline

Activity: 1064
Merit: 253


View Profile
September 26, 2017, 02:37:57 AM
 #20

Installing extensions is also like saying feel free to hack my device/machine.

I dont know whats this safebrowse is but i dont add extensions cos you dont know what it may contain.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!