Posted on

Firefox Plans to Block Crypto Mining Malware in Future Releases

Firefox, the popular Web browser, will soon begin automatically blocking crypto mining malware scripts as part of a wider performance-enhancing push.

The Mozilla Foundation, the not-for-profit organization behind the open-source browser, said Thursday that it intends to block trackers and other “harmful practices” in upcoming releases.

Some of these features, such as the anti-tracking function, are already available in its Firefox Nightly beta version.

The goal is to prevent third-party scripts from hampering the user experience, according to Mozilla vice president of product Nick Nguyen. These scripts are generally embedded within websites and can commandeer a user’s computing power without their knowledge.

Scripts that hijack an individual’s unused computer power to mine cryptocurrencies also fall into this category.

“Deceptive practices that invisibly collect identifiable user information or degrade user experience are becoming more common,” Nguyen wrote, adding:

“For example, some trackers fingerprint users — a technique that allows them to invisibly identify users by their device properties, and which users are unable to control. Other sites have deployed cryptomining scripts that silently mine cryptocurrencies on the user’s device. Practices like these make the web a more hostile place to be. Future versions of Firefox will block these practices by default.”

The Firefox Nightly version will be used to test the functionality of the new features. And if successful, users may begin seeing them enabled by default in the Firefox 63 release.

Mozilla joins other browser developers, including Opera and Google, in trying to protect its users from malicious miners, which can slow down the user experience at best and damage their computers at worst.

Opera announced in January that it was rolling out miner protection to the smartphone version of its browser, which would also be active by default. The company already offered cryptominer protection on its desktop version.

Google, meanwhile, has banned any cryptomining apps from its Play Store, though it has not made any official statements regarding automatically blocking scripts embedded within websites.

Firefox image via Faizal Ramli / Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Opera Is Testing a Mobile Browser With a Built-In Crypto Wallet

In a first for the company, Opera is launching new browser software that has a built-in cryptocurrency wallet.

The browser maker said Wednesday that its “new version of the Opera browser for Android… combines easy-to-use crypto wallet functionality with support for the Ethereum Web3 API.” The browser is currently in private beta, which the company is now inviting new users to join.

This means users no longer have to open a new web browser or download a separate extension to send, receive and pay in cryptocurrency – now they can do so directly from a toggle on their browsers on mobile Android devices.

It is an especially useful announcement for developers of decentralized web applications – more commonly known as dapps – given that the new browser functionality indicates users can now more easily interact with dapps being built on the ethereum network.

Charles Hamel, the product lead on Opera Crypto, explained in a statement:

“We believe the web of today will be the interface to the decentralized web of tomorrow…By becoming the the first major browser to open up to Web 3.0, we would like to contribute to making the internet of the future more accessible.”

Boost to Web 3.0

That term “Web 3.0” refers to the vision of a decentralized Internet built on top of the ethereum blockchain that connects users to various dapps and peer-to-peer networks.

As previously reported, some dapps such WeiFund have already been developed for the express purpose of being used on Web 3.0-enabled browsers equipped with embedded wallets.

In effect, the newly released browser with built-in crypto wallet functionality by Opera boasts a “simple” user interface that builds on “existing browser wallets/dapp browsers…with a default WebView.”

As such, the company expects to lower “the entry barrier to Web 3.0 for users” and offer the path for those wanting to “venture into the world of dapps and cryptocurrencies.”

Wednesday’s launch follows an announcement in January, when the company introduced cryptocurrency miner protection for users of mobile Android devices as part of the browser’s native ad-blocker functionality.

Interface image courtesy of Opera

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

UK Cyber Security Division Issues Warning on PC 'Cryptojacking'

Cryptojacking – the act of hijacking a user’s computer to mine cryptocurrencies – is likely to “become a regular source of income for website owners,” the British government’s communications division warned Tuesday.

The U.K.’s National Cyber Security Centre, the technology wing of the Government Communications Headquarters, highlighted cryptojacking as a “significant” concern in its latest “cyber threat to UK business” report. In particular, the report singled out websites which mined cryptocurrencies without users’ permission, noting that 55 percent of businesses worldwide suffered from cryptomining attacks last December. The report specifically referred to monero, which has frequently been mined through browser application Coinhive, as one example.

Nor have the attacks lessened in 2018. The report noted that more than 4,000 websites secretly mined a cryptocurrency using a plugin for visually-impaired users. The report noted that “the only way users may notice their devices are being cryptojacked is a slight slowdown in performance.”

The document continued:

“The technique of delivering cryptocurrency miners through malware has been used for several years, but it is likely in 2018-19 that one of the main threats will be a newer technique of mining cryptocurrency which exploits visitors to a website.”

The agency added that “we assume the majority of cryptojacking is carried out by cyber criminals, but website owners have also targeted visitors to their website and used the processing power of visitors’ CPUs, without their knowledge or consent, to mine cryptocurrency for their own financial gain.”

That being said, some sites may mine cryptocurrencies with their users’ permission, the report noted, citing Salon as an example. The publication announced in February that it would let its readers choose between advertisements and cryptocurrency mining in order to access its content, as previously reported. However, the report noted that this was only a trial.

The report advised users to use ad blockers and antivirus programs which include browser mining blocks to prevent their computers from being hijacked.

Monero image via Sharaf Maksumov / Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Salon Offers Readers Choice Between Ads and Mining Monero

Digital media publication Salon is offering its visitors an alternative to traditional online ads: allowing the site to use their computer processing power to mine cryptocurrency.

In order to provide free content, Salon primarily depended on advertisements to run its servers, the company explained in a blog post published on Monday. However, digital ads are insufficient to fully pay for most media outlets – the site noted that ad revenue fell $40 billion from 1999 to 2010 – and Salon, in particular, has decided to offer users a new option to pay for content.

Salon will profit by selling “a small percentage of [users’] spare processing power to contribute to the advancement of technological discovery, evolution and innovation,” the company explained. While they don’t come out and say it directly, the site, according to The Verge, is using the open-source CoinHive software in order to mine the cryptocurrency monero.

“The demand for computing power across many different industries and applications is potentially very high. We intend to use a small percentage of your spare processing power to contribute to the advancement of technological discovery, evolution and innovation. For our beta program, we’ll start by applying your processing power to help support the evolution and growth of blockchain technology and cryptocurrencies,” the company wrote on the blog.

In contrast with the malware approach, which seeks to use as much of a computer’s processing power as possible in order to maximize the return drawn from mining, Salon says it will eschew that by actively adjusting how much processing power is being used by their crypto-miner, explaining:

“We automatically detect your current processing usage and assign a portion of what you are not using to this process. Should you begin a process that requires more of your computer’s resources, we automatically reduce the amount we are using for calculations.”

Coinhive is one of the most-used browser-based mining programs, as previously reported by CoinDesk. The service offers a Javascript-based application which website owners can embed on their sites.

However, the developers reportedly did not expect malicious actors to take advantage of the platform as much as they have. The developers preferred that websites are up-front about their use of the miner, according to a story from Motherboard.

Mining data image via Shutterstock

The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. Have breaking news or a story tip to send to our journalists? Contact us at news@coindesk.com.

Posted on

Opera Browser Adds Cryptocurrency Miner Protection for Smartphones

Cryptocurrency mining malware embedded in websites is increasingly becoming a problem for smartphones, but the Opera web browser is trying to remove the threat for its users.

Opera, which already introduced cryptocurrency miner protection in its desktop-based versions, is now putting the same feature into its smartphone browsers, the company announced Monday.

The new feature will be available on Opera Mini and Opera for Android, according to a press release, and is part of the browser’s native ad blocker function.

According to the press release:

“The new anti-cryptocurrency mining feature is activated by default when you enable the ad blocker on Opera Mini (iOS and Android) or Opera for Android. The ad blocker can be enabled by going to ‘settings’, and it will automatically detect and stop the mining scripts written into the code of a webpage.”

Opera estimates that more than a billion devices worldwide are slowed down by website-based cryptocurrency miners that users do not realize are “cryptojacking” their browsers. On the other side of the browsing experience, the company believes there are now more than 3 million websites with embedded cryptocurrency miners.

Making it tricky for users to know there’s a problem, there may be no visual cue that a miner is taking advantage of a web browser, according to the firm.

Cryptocurrency miners can overload smartphones’ CPUs, forcing 100 percent usage and potentially causing a phone to overheat.

And the damage can sometimes be permanent. According to a ZDNet article, one trojan generated so much heat in a phone, its battery became swollen, permanently damaging the phone. While excessive ads were one reason for the heat generation, the main cause was that the phone’s CPU was hijacked to mine for Monero.

The trojan was so effective, it “wrecked the phone within 48 hours,” according to the article.

Opera’s new feature is already available, and the browser can be downloaded from the Google Play store, according to the release.

Opera image via Shutterstock

The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. Have breaking news or a story tip to send to our journalists? Contact us at news@coindesk.com.