[SingCERT] Alert on Browser-based Digital Currency Mining

Published on Thursday, 09 November 2017 15:52

Background

SingCERT has seen an increase in digital currency mining tools embedded in websites to secretly mine digital currency. These websites expend the user's Central Processing Unit (CPU) power without the user's permission.

Digital currency is a form of currency that exists only in digital form, unlike traditional physical currency such as banknotes and coins. It is created digitally, held electronically and transacted through transfers of value on computer networks. Digital currencies are generated by mining software that runs on computer systems on the Internet, making use of the computational power of the hardware's CPU and Graphics Processing Unit (GPU). Bitcoin, Monero and Ethereum are examples of digital currencies that make use of hardware computational power for digital mining.

Impact

Users will experience a significant decrease in computer performance when visiting these compromised websites. The digital currency mining tool running in the background could be taking 60 percent or more of the CPU’s resources.

Recommendations

Users are recommended to install anti-adware web browser extensions and antivirus tools on their computers.

For more specific recommendations, please refer to the following:

Chrome browser:

  • No Coin Chrome extension

    Installing Chrome extensions is the most straightforward method to stop coin mining in the web browser. No Coin is one such free solution. This open-source extension is a reliable and safe way to control how a website is interacting with your web browser. As soon as you visit a website, No Coin will detect and show if any such activity is going on. While this extension blocks any such activity, it also allows the user to whitelist a website for a period of time.
  • minerBlock Chrome extension

    minerBlock is an alternative open-source Chrome extension that blocks digital currency mining in the web browser. Its list currently includes a few popular miner domains, and more are expected to be added once they gain popularity.

Firefox browser:

  • Use NoScript in Firefox

    Users can use JavaScript-blocking extensions like NoScript. However, these extensions could break websites, as they disable all scripts on the page.

Advanced users may wish to consider blocking miner domains by adding the following lines to the hosts file located at C:\Windows\System32\drivers\etc.

0.0.0.0 afminer.com
0.0.0.0 coin-have.com
0.0.0.0 coinerra.com
0.0.0.0 coinhive.com
0.0.0.0 coinnebula.com
0.0.0.0 crypto-loot.com
0.0.0.0 hashforcash.us
0.0.0.0 jescoin.com
0.0.0.0 ppoi.org
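
The following is an added example, not part of the original SingCERT alert: a Python check that reads hosts-file text and reports which of the domains listed above are already blocked, which have an entry that does not block them, and which lines still need to be appended. The sample hosts content and all function names are constructed for illustration.

```python
import ipaddress

# Miner domains listed in the advisory above.
MINER_DOMAINS = [
    "afminer.com", "coin-have.com", "coinerra.com", "coinhive.com",
    "coinnebula.com", "crypto-loot.com", "hashforcash.us", "jescoin.com",
    "ppoi.org",
]
# Constructed sample hosts file, used only to exercise the functions below.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
0.0.0.0 coinhive.com CoinErra.com   # two names on one line, mixed case
192.0.2.10 jescoin.com              # entry exists but points at a real address
#0.0.0.0 ppoi.org
"""

def parse_hosts(text):
    """Map each lower-cased hostname to the set of addresses listed for it."""
    names = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()     # strip comments, then tokenise
        if len(fields) < 2:
            continue                              # blank or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed address: ignore line
        for name in fields[1:]:
            names.setdefault(name.lower(), set()).add(addr)
    return names

def audit(text, domains=MINER_DOMAINS):
    """Return (blocked, conflicting, missing) lists for the given hosts text."""
    names = parse_hosts(text)
    blocked, conflicting, missing = [], [], []
    for d in domains:
        addrs = names.get(d)
        if not addrs:
            missing.append(d)
        elif all(a.is_unspecified or a.is_loopback for a in addrs):
            blocked.append(d)                     # every entry is a sinkhole
        else:
            conflicting.append(d)                 # some entry resolves elsewhere
    return blocked, conflicting, missing

def lines_to_append(text, domains=MINER_DOMAINS):
    """Hosts lines still needed; conflicting entries must be edited by hand."""
    return ["0.0.0.0 " + d for d in audit(text, domains)[2]]
```

Hosts entries match exact hostnames only, so a subdomain of a listed domain needs its own line.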
