Go to ...

RSS Feed

August 18, 2022

Beware of Browser Mining

Guess what? There’s a new kind of mining for digital currency emerging in the marketplace. It’s called “browser mining” and it works something like this. User visits web page; web page downloads mining widget; mining widget runs on user system generating hashes (and ultimately, spendable digital coins) for the web site operator. That sounds fair, right? WRONG! But unless you take steps to prevent this kind of thing, it could happen to you.

How to Detect Browser-Based Bitcoin Mining

As the global run on high-powered graphics cards attests, hashing for digital currency takes LOTS of computing resources. That’s why many users are reporting noticeable lags in performance on PCs where the bitcoin mining widgets take up residence. Let me introduce a new term in the interests of brevity and accuracy: I’d like to call this “bit-mining” because bitcoin is not the only digital currency for which hashing is rampant, and also because it’s shorter and easier to say and understand.

According to this story on Addictive Tips entitled “How to Block Bitcoin Mining in your Browser,” a variety of symptoms should raise flags with users that they may have fallen afoul of a bit-mining widget:

  1. Generally slower performance than usual. It’s not unusual for an affected Web browser to start sucking up 80-90% of CPU (or more) when a bit-miner gets going. You might notice high levels of CPU consumption in Task Manager, for example, associated with a browser such as Chrome, IE, Edge, Firefox, Opera, or whatever else might grace your desktop.
  2. Increased heat: a system that’s running hotter than usual is often being taxed more than usual, too. This, too, can be a sign that a bit-miner is at work. To the astonishment of my Win10.guru partner, Kari, I run Helmut Buhler’s 8GadgetPack on my Win10 PCs which, along with Core Temp, provide me with ongoing real-time system temps. I like keeping an eye on what my system is doing at all times, so I don’t begrudge the screen real estate or system resources involved in keeping me posted.

Beware of Browser Mining

CPU consumption looks good, temps look good: no bit-miners here!

  1. Odd or erratic system behavior. The mouse may jerk, audio may stutter, screen refreshes or scrolling may also be jerky. All these are symptoms of excessive consumption of system resources elsewhere, leaving not enough left over for the computer to do what its users wants it to do.

Checking for More Tangible Signs of Bit-mining

Techniques vary on a per-browser basis. Chrome makes this kind of thing dead simple, so I’ll use it to illustrate what’s up. In Chrome, click Settings (the ellipsis at the far top right of the browser window), then click More Tools → Task Manager, to see Chrome’s own in-built Task Manager window. It will show you what’s up in Chrome, including CPU and memory consumption, network bandwidth, process ID and more. This will very, very quickly help you zero in on bit-mining activity. You’ll see most of the CPU usage occurring in one or more browser tasks — they’re the one where the bit-mining is most likely happening. Conveniently, you can click on any process to highlight it, then click the “End Process” button at the lower right to get rid of it. It’s gone for now, but how can you keep such things from coming back? There are tools abounding to make that happen.

Blocking Bit-Miners from Your Browsers

One class of tools is available to help you fend off those who’d like to suck up your users’ computing resources. Chrome supports three such extensions — namely, minerBlock, No Coin and No Mining. Other browsers offer similar methods for blocking mining directly inside them (Firefox, for example, also supports No Coin). YMMV when it comes to this kind of thing, and it must be handled on a per-browser basis. [Note added 3/10/2018: earlier this week Microsoft reported blocking a massive coin mining attack via Windows Defender; see Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign for details.]

TenForums.com member Cliff S offers details on another way to block bit-miners: add them to the HOSTS file to block their ability to access your PC. This basically works by assigning the null IP address ( for domain names associated with known mining sites. The TenForums thread is entitled “Protecting Yourself from In-Browser Miners” and is well worth digging into. Cliff even explains how to edit the HOSTS file, and where to go to get the best block-list (namely CoinBlockerLists).

This is a new form of protection about which admins and security professionals should be aware. If you have some kind of endpoint protection in place, it’s time to contact the vendor and ask them if (and if so, how) their package provides protection against bit-mining. It’s a thing now, and a potentially productivity-pounding problem if left unchecked. My advice: better to deal with it sooner, rather than later!

Author: Ed Tittel

Ed Tittel is a 30-plus-year computer industry veteran. He’s a Princeton and multiple University of Texas graduate who’s worked in IT since 1981 when he started his first programming job. Over the past three decades he’s also worked as a manager, technical evangelist, consultant, trainer, and an expert witness. See his professional bio for all the details.

Tags: , , , ,

2 Responses “Beware of Browser Mining”

  1. February 20, 2018 at 11:13

    gnawing. layers below my consciousness. a briefly surfacing transient daymare. it happens to me–does it happen to you? at the core of this is what’s going on inside my PC–possibly soon to be extended to IoT devices(a).

    we visit websites that refresh themselves–one, on purpose or by accident, leaves her/his PC on some social media page or news media page open in the background–one takes for granted the just because she/he is doing nothing with her/his PC that the PC is also on a break–no fearful thought crosses one’s consciousness when seeing a little red dot or some other indicator at the top of a web page that shouts “you’ve got an update”–one is even often pleased.

    Run Eric Lawrence’s free web debugger(b) in full screen mode and see where your PC visited while you were out for lunch or on a nature break, you will see it’s been to places like Chartbeat even though you’ve never heard of Chartbeat.

    be worried–some code snippet could also be mining your computer for your banking data or e-mail credentials or…

    (a) example: is my refrigerator creating a profile for a gang of burglars who will learn my schedule so they can safely rob my home while i’m stocking up at Costco? (mine is not AFAIK because it’s not connected to anything but a wall plug–if your fridge is smart enough to let you know you’re out of hummus you might want to show more concern, if not today then in the coming months and years).

    (b) Fiddler is still free from Telerik (now owned by Progress Software).

  2. February 20, 2018 at 14:48

    It’s easy to wonder how far we’ll be taken by involuntary behaviors foisted on our PCs over the Web. But gosh! Love your recommendation/mention of Fiddler (find it at https://www.telerik.com/download/fiddler). It’s a terrific tool for understanding just what the browser is doing at runtime. I think it’s what you’re talking about, but I’m glad to be reminded of it anyway. Just also learned that Mr. Lawrence now resides in Austin (my home area) so I may have to chat him up over lunch sometime. Thanks for your comment!

More Stories From Admin Tools

Magbo Invite Codes Links: