back to article Another day, another cryptocurrency miner lurking in a Google Chrome extension

Another Chrome extension has been found secretly harboring a cryptocurrency miner – and it appears this issue is going to get worse before it gets better. Reg reader Alessandro Polidori, a Node.js software engineer, spotted the use of Coin Hive's Monero-crafting code in the “Short URL (goo.gl)” extension for Chrome. After …

  1. Diogenes

    As long as I am asked

    Give the choice of seeing ads or using my cycles while viewing your page, and don't be d**k and hog 95% and I would happily mine coins for you

    1. MyffyW Silver badge

      Re: As long as I am asked

      Darwinian principles will root out the worst offenders - if a web site slows my PC to a crawl I'll just not go there as often, as happened with the recent NetApp resource-hog advert on El Reg.

    2. This post has been deleted by its author

    3. Autonomous Cowherds

      Re: As long as I am asked

      @Diogenes - I agree. I would happily give a low percentage of cycles to support a website. This includes elReg - I'd happily flick a '10-30% mine to disable ads' switch.

      Honestly, I really want to support content that I like. I'd be happy to spend electricity on it. I much prefer this to opening my consciousness to manipulative, mind washing advertising pushed at my eyeballs (https://www.forbes.com/sites/ajagrawal/2016/06/12/how-nlp-can-boost-your-marketing-influence/#26b0e1717c13).

      That said, there are a number of players who rely on selling advertising to make lots of money. Viable alternative to advertising? Expect big players to bring out The FUD Gun!

    4. Rafael #872397

      Re: As long as I am asked

      AND I agree to the terms.

      Let's not think that, as the article says, ...There's nothing intrinsically malicious with software harvesting spare CPU cycles for stuff... -- it is my CPU.

      1. Neil Alexander

        Re: As long as I am asked

        "it is my CPU."

        Try telling that to Intel!

      2. I3N
        Mushroom

        Re: As long as I am asked

        Not the point, it is MY electricity and I'm paying ....

        1. AMBxx Silver badge

          Re: As long as I am asked

          What if it's not your electricity though? I have a website hosted on Azure. It's not especially busy. All I'd need to do is detect the number of current users. If nobody there, then thrash the living daylights out of the server.

          Is there something available to do this? Could even setup a free shared instance and run it day and night.

    5. Tom 7 Silver badge

      Re: As long as I am asked

      The thing is I've yet to find one of these things that actually puts in wait() statements or is even aware of nice. When I come across them I am normally notified by my cpu monitor showing 8 cpus running flat out and the fan kicking off like an asthmatic in a hurricane. They just grab every spare cpu cycle and give the game away.

      If I want to continue reading I just make a local copy of the document and fuck them off.

      Like you say - I'd be happy to pay but they're mostly not worth a small percentage of what they ask.

  2. Anonymous Coward
    Anonymous Coward

    Can the punishment for these lags, once caught be...

    ...actual rock mining, with picks, in chains?

  3. Mr Dogshit

    Please give generously

    I note with interest they've got a Donate button on their web site.

    1. Florida1920 Silver badge

      Re: Please give generously

      I note with interest they've got a Donate button on their web site.
      Do they draw your blood through your webcam?

      1. JoshOvki

        Re: draw your blood

        They are in crypto currency not marketing!

      2. FIA

        Re: Please give generously

        I note with interest they've got a Donate button on their web site.

        Do they draw your blood through your webcam?

        Please can someone get Noel Edmunds to do a video explaining the dangers of this online blood donation scam.

  4. Whitter
    Boffin

    HOSTS file

    Coin-Hive.com is an obvious must: any others?

    And for an Android handset: implement via uBlock Origin or the like?

    1. docwebhead

      Re: HOSTS file

      I recently added these entries to my /etc/hosts file:

      0.0.0.0 coinhive.com # mining js

      0.0.0.0 coin-hive.com # mining js

      So far so good...

  5. m-k

    an alternative to displaying ads

    were they REALLY that naive to think websites would run this as an alternative to ads, rather than on top of?

  6. This post has been deleted by a moderator

  7. cream wobbly

    Feed it junk

    Surely there's some enterprising yoof out there could monkey with the code a bit so it sends back garbage. It wouldn't take as much CPU time either, so it would vastly outweigh the valid data.

    I'd use *that* Chrome extension.

  8. charlypaz

    I think Internet is changing and we will no see annoying pop-ups in the future. I have a blog and I prefer monetize with a java script that with another annoying adbys. I found a platform called coinImp and insert the script to my site and i'm mining with visitors cpu but erased pop-ups and other annoying adbys.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019