back to article What do Vegas hookers, Colombian government, and 30,000 other sites have in common? Crypto-jacking miners

Over the past few months there has been an alarming rise in the number of websites running code that silently joyrides computers and secretly makes them mine digital currency for miscreants. The latest count suggests more than 30,000 sites are quietly running JavaScript miners on people's PCs and handhelds – way more than …

  1. Anomalous Cowshed

    Vegas hookers take euros now?

    Nice body though... (since this comment must have a body)

    1. Michael Thibault

      Re: Vegas hookers take euros now?

      Those branché(e)* do. Apparently. You can even pay in yen, or rials.

      * vernacularly: 'wired', or 'plugged-in'

  2. Shadow Systems Silver badge

    I just turned off JS entirely.

    Use NoScript if you absolutely require JS to use certain sites, otherwise just disable it (JS specificly, any scripting in general) to avoid the hassles in the first place.

    Good luck running your crappy code on my machine when I've configured it not to allow any scripting at all!

  3. Anonymous Coward
    Anonymous Coward

    Good luck running your crappy code on my machine

    You must be talking about the new Linux kernel, then..Said with a smile, even Linus said it was shit.

  4. simonb_london

    Less intrusive than adverts

    As long as the website is transparent about and doesn't try to use all available CPU cores it I don't see it as a problem.

    I am fed up with JS jack-in-the-box pop-ups that take over the whole screen. Adverts seem to get past ad blockers, play video, make noise and generally make the user experience frustrating. We need to explore other non-paywall alternatives.

    1. lglethal Silver badge
      Go

      Re: Less intrusive than adverts

      Two different things here:

      1) The article mentions that the majority of these sites dont know there being used for harvesting coins. So there's no way they can be transparent about it, and thus it is a Problem. Also it makes it a Problem for those sites that are straight forward about it, as the association will quickly bcome that if you have a miner on your site it is there illegally/unwittingly, so your site cant be trusted, so People will block everything. Boom you've lost your advertising AND mining income.

      2) If you're really suffering from pop-up and problems with adverts, then you probably need to invest some more time in finding a better solution. Firefox with NoScript and ADP works extremely well, but takes some time to get working optimally (i.e. letting sites you visit regularly allow specific things that you want). Similar solutions exist on most other browsers (mu script, etc - I'm sure other users here on El reg can make suggestions for their browser of choice), so you really should be able to remove the problem no matter what your setup.

  5. Alan J. Wylie

    WebAssembly

    WebAssembly will be more efficient than plain JavaScript

  6. This post has been deleted by its author

  7. MJI Silver badge

    So Vegas has a Rugby team?

    And what about the Props and Fly Half?

    1. Alister Silver badge
      Thumb Up

      Re: So Vegas has a Rugby team?

      Nice try MJI but I think for most people that will be a Whoooooooooosh!

      1. MJI Silver badge

        Re: So Vegas has a Rugby team?

        >>Whoooooosh

        Don't think so. Everyone knows what a Hooker is. Some people remember Stanley of course, but most people seem to think of the sweaty Rugby player.

        But then there was the wierdness of a boy at school who liked football, many thought it strange.

        I was useless as too shortsighted.

        1. tiggity Silver badge

          Re: So Vegas has a Rugby team?

          You can be short sighted and play as a forward, don't have to move far, passes you need to make are short, chance of needing to long kick are minimal: As a back however, you do to be able to see OK

  8. xeroks

    also apps?

    Interesting article.

    It made me wonder about how prevalent and detectable similar techniques would be if implemented on mobile apps.

    As an example, I recently started playing a iOS game. It's very engaging, so I spent far too long playing it over the weekend.

    It is free, but with the usual opportunities to pay to remove advertising, boosts, customisations etc.

    However, while I've been playing it, I've noticed my iPad (Air 2) gets pretty hot and chews through battery. It's only a platform-type game, and while there are quite a few animations going on, it doesn't look - to me - like it should be so intensive.

    That got me thinking how easy it would be to include code running some other task - say bitcoin mining - in the background. These kind of games require internet access to fetch ads and content so any data transfer required to support the task could be easily disguised.

    Is it possible to determine if the app is doing that? Or if it's simply inefficient coding that's causing my hands to get nice and toasty?

    1. iron Silver badge

      Re: also apps?

      You're late. The crypto jackers already have apps mining Monero et al in the app stores. Just check the numerous articles here and on Ars in the last few weeks.

  9. This post has been deleted by its author

  10. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019