StopAd protects your system from abuse by website cryptocurrency miners

Cryptocurrency

StopAd ad blocker takes on a new role. Up until now, it was a tool to help users get through the websites overpopulated with ads without losing their mind. Now StopAd is also a cure for websites trying to “annoy”, or rather abuse your system’s computing power to help site owners earn a buck. Yes, at the expense of your computer’s resources and without you knowing it.

In this case, website owners place Javascript code on their site, which upon execution allows them to mine cryptocurrency (like Bitcoin) by employing your PC’s CPU (central processing unit) resources.

What’s a cryptocurrency and why websites are after it?

Cryptocurrency is a completely digital asset that serves as a medium of exchange and can be digitally stored or transferred to another party. It doesn’t have any physical representation like U.S. dollars. Unlike  physical currencies stored in cash or electronically by banks, it doesn’t have a centralized “banking system” to store the ledger of all transactions. It is publicly open so every participant can see all transactions as well as keep their own ledger. At the same time, no one can control it single-handedly, it’s a peer to peer network in its essence.

One of the oldest cryptocurrencies, Bitcoin, has up to 6 million users worldwide with over 100000 merchants accepting payments in bitcoin, Microsoft, Steam and Tesla among them.

Cryptocurrencies aren’t controlled by governments, and making a transaction with them doesn’t require personal data, providing some anonymity to their owners.  All cryptocurrencies heavily rely on cryptography for validation of transactions to be added to public ledger and creation of new units of cryptocurrency ( a process called mining). Mining requires solving complex computational problems that upon being solved will award a certain amount of new currency units to the miner who solved the problem. These problems are:

  • Extremely difficult to solve (creating value for new currency units and helping to keep the system clean from fraud)
  • Demanding an impressive amount of computer resources (CPU/GPU computing power) and electricity
  • Requiring special software and hardware (it’s quite expensive)

One of the oldest cryptocurrencies, Bitcoin, has up to 6 million users worldwide with over 100000 merchants accepting payments in bitcoin, Microsoft, Steam and Tesla among them.
Despite being frowned upon by banks and governments due to lack of control and regulation, it seems that cryptocurrencies are becoming a trivial payment method for many offline and Internet-based businesses and services. On March 3rd, 2017, Bitcoin price surpassed the price of gold for the first time in history, and today’s Bitcoin to USD exchange rate is astonishing:

Bitcoin cryptocurrency price
Bitcoin to USD exchange rate on September 26,2017 and its dynamics in past years

Other cryptocurrencies are cheaper, of course, but still, have their  value on the market.

How websites have started to mine cryptocurrency

Websites with a large volume of daily visits are always on the lookout for new monetization opportunities, and the solution offered by the tool named Coinhive has quickly attracted their attention. On their website, it says: “Monetize your business with users’ CPU power.” The service offers website owners to earn by mining Monero Blockchain, yet another cryptocurrency. It is also mentioned that this type of revenue generation will let websites provide ad-free experience for users. According to Coinhive creators, their service can be a win-win for website owners and their audience.

Due to the settings error, users ended up with their CPU’s reaching peak performance for no obvious reasons, but they were quick to uncover the actors behind the issue.

The logic is quite simple: users visit the site for content and while they’re enjoying the game or a video, their CPU is used for computations resulting in website owner’s income. However, further developments have shown that abuse can diminish the value of Coinhive’s service.


Lack of respect for users’ consent and control has been once again demonstrated by some of the most visited sites. Not long after Coinhive went live this September, Thepiratebay.org placed their Javascript code on its website without a notice to the users. Due to the settings error, users ended up with their CPU’s reaching peak performance for no obvious reasons, but they were quick to uncover the actors behind the issue.

More reputable sites like CBS’s Showtime have also been caught red-handed by security researchers to trying to pull off the same trick, capitalizing on unsuspecting users.  Large sites failed to recognize the need for upfront disclosure of their monetization practices or providing users with the possibility to opt-out, turning the situation into system hijack.

No wonder that crooks behind malvertising  and adware couldn’t pass on this opportunity as well switching from ransonware to  exploit kits dropping executables like Zminer, to enslave users’ CPU.

StopAd creates filter to protect all major browsers from cryptocurrency miners

But there is also good news

StopAd engineers have been keeping an eye on the situation and prepared a set of rules or in other words “filter” to help our users avoid their system resources hijacking. Our solution may be used on all major browsers: Chrome,Firefox,Edge,IE, and Safari. It doesn’t matter whether it’s a legit site failing to provide opt-out possibility or a malvertising campaign aiming to install malicious miner payload – StopAd is always here to protect you.

 

 

Share