First Ever Malvertising Campaign Uses JavaScript To Mine Cryptocurrencies In Your Browser
An anonymous reader writes from a report via Bleeping Computer: Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers (mostly Monero), without their knowledge. The way crooks pulled this off was by using an online advertising company that allows them to deploy ads with custom JavaScript code. The JavaScript code is a modified version of MineCrunch (also known as Web Miner), a script released in 2014 that can mine cryptocurrencies using JavaScript code executed inside the browser. Cryptocurrency mining operations are notoriously resource-intensive and tend to slow down a user's computer. To avoid raising suspicion, crooks delivered malicious ads mainly on video streaming and browser-based gaming sites (currently mostly Ukrainian and Russian sites). Both types of sites use lots of resources, and users wouldn't get suspicious when their computer slowed down while accessing the site. Furthermore, users tend to linger more on browser games and video streaming services, allowing the mining script to do its job and generate profits for the crooks.
I block all advertising on the web (Score:1)
So this doesn't affect me.
Got to say (Score:3, Informative)
Genius.
Despite being one of the causes of adblocker proliferation it's a nice change from the usual destructive malware in ads.
Must admit I've never really understood why advertising companies allow advertisers to run potentially unsafe code via their network. Surely it reflects badly on them and I'm too ignorant to understand the need for custom code with an advert.
But how much currency can it mine?
How long are ads displayed for? Probably not long in most cases. Many browsers, especially Chrome, throttle Javascript or even stop it running entirely to save energy when the user isn't interacting with the page. And Javascript isn't exactly known for its high performance when it comes to maths.
A lot of processing will be wasted. Anything that ends before the minimum work unit that can be saved is complete is lost.
If they are mining a popular currency the chances are Javas
And Javascript isn't exactly known for its high performance when it comes to maths.
That was my first thought. People spend so much on top-tier GPUs for mining, and these guys go for JS.
I bet the malware guys are using this as a proof-of-concept for something else.
Don't run javascript. (Score:1)
Yet another excellent reason not to allow javascript. Javascript is cancer of the internt.
