Saturday, June 9, 2018

How to block cryptocurrency mining in web browser? (Part-2 - Solutions)

For the first part, please refer here.

How to block cryptocurrency mining in web browser?

In my previous post on the subject, I gave brief information on how website owners were secretly trying to monetize their sites by running cryptocurrency mining scripts in your browser, causing your CPU to spike. The common symptom is that your CPU gets too hot too quickly when you visit a website (and most probably your battery drains too quickly as well).

This method is commonly known as coin-hive mining or cryptojacking.

How to detect if a site is running cryptocurrency mining in your web browser?

Check your browser's CPU usage. Sadly, the mining JavaScript code has been optimized for Windows, as it's the most common OS out there. Research shows that Internet Explorer and Google Chrome are affected the most, as the script lets the browser keep running in the background even when the window is closed.

But this doesn't mean it doesn't affect other operating systems such as OS X or Linux. It does. Since most browsers are platform independent and the code is executed in the browser, the cryptojacking code can behave even worse there than on Windows computers, as it can spike your CPU utilization to over 200%.
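As an added example (not from the original post), the script below sums %CPU per browser across all of its processes on Linux or OS X and flags totals above the 50% rule of thumb used in this post. The function names, the browser name patterns and the sample process list are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag browsers whose combined CPU use exceeds a threshold.
# Input format is what `ps -e -o pcpu= -o args=` prints: "<%CPU> <command line>".

# browser_cpu_report LIMIT  (reads ps-style lines on stdin)
# Prints "<browser> <total %CPU> <SUSPECT|ok>", one line per browser found.
browser_cpu_report() {
    awk -v limit="$1" '
        {
            line = tolower($0)
            fam = ""
            # Name patterns are assumptions; extend them for other browsers.
            if (line ~ /chrom(e|ium)/)  fam = "chrome"
            else if (line ~ /firefox/)  fam = "firefox"
            # A browser runs one process per tab or helper, so add them up.
            if (fam != "") total[fam] += $1
        }
        END {
            for (f in total)
                printf "%s %.1f %s\n", f, total[f],
                       (total[f] > limit ? "SUSPECT" : "ok")
        }' | sort
}

# Constructed sample of ps output (not captured from a real machine).
sample_ps() {
    cat <<'EOF'
 62.5 /opt/google/chrome/chrome --type=renderer
 48.0 /opt/google/chrome/chrome --type=renderer
  3.1 /opt/google/chrome/chrome
  1.2 /usr/lib/firefox/firefox
  0.8 /usr/lib/firefox/firefox -contentproc
  0.4 /usr/sbin/sshd -D
EOF
}

# Demo on the sample; on a live system use:
#   ps -e -o pcpu= -o args= | browser_cpu_report 50
sample_ps | browser_cpu_report 50
```

On Linux, ps reports %CPU as an average over each process's lifetime, so a tab that has just started mining shows up sooner in top than in this report.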


  1. The first step is to change your browser settings so that it is no longer allowed to run in the background (most people allow their browsers to run in the background because of addons such as mail checkers). If the browser's CPU usage is above 50%, this generally means someone is using your CPU without your permission.
  2. If you know your way around Windows, you can block access to the mining sites from your Windows hosts file (you need admin permission to modify the file). By blocking particular domains this way, your browser won’t be able to connect to them. We can edit the hosts file and redirect these domains to 0.0.0.0. Your hosts file is located in the C:\Windows\System32\drivers\etc subfolder.

For Linux users: type sudo nano /etc/hosts to open your hosts file for editing. Just add the addresses of the domains to the hosts file as stated below.
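The following is an added example, not part of the original post: a small script that appends 0.0.0.0 entries to a hosts-format file without creating duplicates when it is run again. The function name and the miner.example placeholder are assumptions; coin-hive.com is the domain this post names, and the demo only writes to a scratch file.

```shell
#!/bin/sh
# Added example: idempotently sinkhole mining domains in a hosts-format file.

# coin-hive.com is the domain named in the post; miner.example is a placeholder.
BLOCK_DOMAINS="coin-hive.com miner.example"

# block_domains FILE DOMAIN...
# Appends "0.0.0.0 <domain>" for every domain not already mapped to 0.0.0.0
# and prints how many lines were added.
block_domains() {
    hosts_file=$1; shift
    added=0
    for d in "$@"; do
        # Accept plain host names only, so nothing else can be injected.
        case $d in
            ''|*[!A-Za-z0-9.-]*) echo "skipping invalid name: $d" >&2; continue ;;
        esac
        # Skip names that already appear as a field on a 0.0.0.0 line.
        if awk -v d="$d" '
            $1 == "0.0.0.0" {
                for (i = 2; i <= NF && $i !~ /^#/; i++)
                    if (tolower($i) == tolower(d)) found = 1
            }
            END { exit !found }' "$hosts_file" 2>/dev/null; then
            continue
        fi
        # Make sure the file ends with a newline before appending.
        if [ -s "$hosts_file" ] && [ "$(tail -c 1 "$hosts_file" | wc -l)" -eq 0 ]; then
            echo >> "$hosts_file"
        fi
        printf '0.0.0.0 %s\n' "$d" >> "$hosts_file"
        added=$((added + 1))
    done
    echo "$added"
}

# Demo on a scratch copy (constructed contents); /etc/hosts is not touched.
demo=$(mktemp)
printf '127.0.0.1 localhost\n' > "$demo"
echo "first run added:  $(block_domains "$demo" $BLOCK_DOMAINS)"
echo "second run added: $(block_domains "$demo" $BLOCK_DOMAINS)"
cat "$demo"
rm -f "$demo"
```

To apply it for real, run the script as root with /etc/hosts as the file argument. The hosts file has no wildcards, so every subdomain you want blocked needs its own entry.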



3. Use Chrome browser extensions from Google's web store to block cryptojacking websites. Frankly, I was going to recommend the extension "No Coin", but though it worked perfectly in the beginning, the developer has stopped updating the code and it does NOT work anymore. Most probably, cryptojackers found a way to bypass the blocker, which makes the addon useless (most sites on the net refer to No Coin as being the best addon, but it's not. That's why I have shared this information).

Instead, I recommend "minerBlock", which is a simple, lightweight addon that works perfectly. The extension uses two different approaches to block miners. The first is based on blocking requests/scripts loaded from a blacklist; this is the traditional approach adopted by most ad-blockers and other mining blockers.


The other approach, which makes MinerBlock more efficient against cryptojacking, is detecting potential mining behavior inside loaded scripts and killing them immediately. This makes the extension able to block inline scripts as well as miners running through proxies.

There's also a minerBlock extension available for Firefox browsers, which also functions perfectly. 

BEWARE: The MinerBlock addon should only be installed from the Chrome Web Store or the Firefox web store, as it is known that some n00b has created a fake version of this addon which, when installed, plays a loop of videos in the background instead of blocking cryptojackers, causing your CPU to spike.

4. Though it's not my first preference, you can also block the cryptojacking sites by adding a custom filter to your ad blocker (Adblock Plus is the best, so the steps below are for Adblock Plus).

In Chrome, click on the menu button, More tools, and then Extensions. Find Adblock Plus, click on Options, click the “Add your own filters” tab at the top, and in the text field that appears enter ||coin-hive.com/lib/coinhive.min.js and click +Add Filter. (Note: This is only an example of a domain to be blocked. The complete list can be downloaded from here)

In Firefox, select the Firefox menu (Tools on OS X and Linux), choose Add-ons, and find Adblock Plus. Choose Preferences to access the Adblock Plus profile, click on Filter Preferences, hit “Add filter subscription” and add coin-hive.com/lib/coinhive.min.js. (Note: This is only an example of a domain to be blocked. The complete list can be downloaded from here)

On Android, open the Adblock Plus application and select Filter Subscription. You can’t select multiple filterlists, so you’ll have to change your filterlist subscription.


References:

https://www.bleepingcomputer.com/news/security/fake-minerblock-extension-repeatedly-playing-videos-in-the-background/

https://fossbytes.com/block-cryptocurrency-mining-in-browser/

https://venturebeat.com/2017/09/21/adblock-plus-can-now-protect-your-computer-from-being-hijacked-to-mine-cryptocurrency/
