back to article Crypto-jackers enlist Google Tag Manager to smuggle alt-coin miners

Crypto-jackers using Coin Hive code to secretly mine Monero via computing power supplied by the unsuspecting have found Google Tag Manager to be a convenient means of distribution. Security researcher Troy Mursch told The Register that he recently found Coinhive's free-to-use JavaScript running on the Globovisión website – …

  1. sabroni Silver badge

    Google Tag Manager allows marketers to create code to dynamically inject JavaScript snippets

    Thank fuck for NoScript.

    1. CrazyOldCatMan Silver badge

      Re: Google Tag Manager allows marketers to create code to dynamically inject JavaScript snippets

      And, having updated Firefox to Quantum, I'm happy that the NoScript dev has produced a version for the new plugin type..

      1. Thoguht Silver badge

        Re: Google Tag Manager allows marketers to create code to dynamically inject JavaScript snippets

        Yes, and just as well seeing that, according to NoScript, El Reg is using Google Tag Manager.

    2. The Dogs Meevonks

      Re: Google Tag Manager allows marketers to create code to dynamically inject JavaScript snippets

      Been saying this all along, NoScript is one of the most essential tools people require... and I'm so glad that it's been updated for Firefox Quantum as there was about 4-5 days I had no protection this week.

      1. Anonymous Coward
        Anonymous Coward

        Re: Google Tag Manager allows marketers to create code to dynamically inject JavaScript snippets

        Eek, 4-5 days without NoScript? Better nuke your device(s) from orbit, in case you haven't already. :P It's the only way to be sure.

  2. Voland's right hand Silver badge

    Hahaha

    Tag manager has been in my noscript blacklist for ages.

    I do not see the point of supplying even more info for the ad targeting engine (the tags). They leach enough as it is from other spyware sources.

  3. sloshnmosh

    Google is complicit

    ...Google allowed INTERNET permission for all apps which has created a security/privacy Whack-a-mole.

    1. DaLo

      Re: Google is complicit

      This is for websites so it would be unusual for the chrome or other browser not to have internet (or INTERNET) permissions. Save your aghast for a story about apps.

  4. DaLo

    I would suggest that this has happened either because someone at the TV site decided to add the miner to their site to 'test it out' whether with authorisation or not, or the company's Google account was hacked and so the hacked had access to the company's tag manager control panel. You probably won't find out as it would be blamed on a hacker anyway.

    If they had access to the website itself then they could just add the code directly or obfuscate with one of the many shortening services available.

  5. Sssss

    Doesn't seem like a tag dues it. Time to put these criminals in gaol, and kill tags on sight, and have a block switch. But dues the co-ooted internet operate that way these days?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020