The web is full of consumer danger. In fact it seems that the seco0nd we tackle a problem, a new one pops up. First the popup ads (which AdBlock got rid of), then HTML5 canvas fingerprinting, AKA the Supercookie (which Firefox 58 will be taking care of). But now, a new danger rises: Online cryptocurrency mining.
Before we dive in, let me give you some background. Cryptocurrency is an online form of money that, due to its complex signing system, is virtually untraceable. Bitcoin is the biggest, because of the mystery surrounding its creator, Shatoshi Namakato and because it’s used as a payment form in many ransomeware programs, notably including WannaCry. The basic idea is that cryptocurrency is decentralised, i.e, not controlled by any one person or group.
How do you get cryptocurrency? Well, you can either buy it (at time of writing, Bitcoin has just passed the $10,000 mark) or you can mine it. Cryptocurrency mining is done by using your computer’s CPU and GPU to decode cryptographoic codes, the success of which is rewarded with cryptocurrency. If we use Bitcoin as an example, currently 14 million have been mined. Once 21 million have been, thats it. There will be no more. As well as that, the cryptographic codes become harder as more Bitcoins are mined, to emulate increasing rarity.
Cryptocurrency mining is one of the main ways to get rich quick. Over the last year or so, the popularity has exploded to the point where many companies sell computers built with mining in mind. And now, the web has caucht on.
What Web-Based cryptocurrency does is it utilises your computer’s CPU and GPU to do the mining for them. Which is very bad because it uses up resources that your browser could otherwise be using.
In this scenario, you have three choices:
- Run around screaming for 20 minutes, then quit the Internet.
- Submit, which means going to buy yourself a one of those insane new Core i9 chips and an NVIDIA GeForce GPU
- Do something about it.
We, obviously, are going to do something about it.
Your browser will not protect you. Web browser manufacturers are responding to the problem, but it’s a new one so they haven’t had time to do anything about it. Google Chrome’s devs are discussing solutions on this bug thread. You can join in the discussion too, but it would only make sense if you use Chrome or Opera, or you actively develop Chromium.
The main problem is that you can’t just blacklist sites known to mine from people, because then more pop up and then you find yourself playing a giant game of Whac-a-Mole. Netflix does this with VPNs, and they don’t fair too well, as we all know. There is a proposal to limit the CPU sites can use, but that has its own problems
While browser makers can’t do much about this for the now, antivirus people can and now the Premium version of MalwareBytes will hold you safe. Of course, if you a) don’t want to or b) can’t afford to splash out on MalwareBytes Premium, there’s always
Browser Extension Protection
When our browsers don’t do stuff, browser extensions do. While popular ones have been bought out and changed to adware (the popular exension Honey was recently almost bought by a company known to do this) in the past, this one, being open source should be fine. It’s called No Coin, and it pretty much blocks cryptocurrency miners. It’s avalible for Chrome, Firefox and Opera. Safari and Edge users won’t be getting this one, which I suspect is because it costs money to get your extensions in there.
Will you be protecting yourself from cryptocurrency mining? How will you do so? Please let us know in the comments!