Guess what? There’s a new kind of mining for digital currency emerging in the marketplace. It’s called “browser mining” and it works something like this. User visits web page; web page downloads mining widget; mining widget runs on user system generating hashes (and ultimately, spendable digital coins) for the web site operator. That sounds fair, right? WRONG! But unless you take steps to prevent this kind of thing, it could happen to you.
How to Detect Browser-Based Bitcoin Mining
As the global run on high-powered graphics cards attests, hashing for digital currency takes LOTS of computing resources. That’s why many users are reporting noticeable lags in performance on PCs where the bitcoin mining widgets take up residence. Let me introduce a new term in the interests of brevity and accuracy: I’d like to call this “bit-mining” because bitcoin is not the only digital currency for which hashing is rampant, and also because it’s shorter and easier to say and understand.
According to this story on Addictive Tips entitled “How to Block Bitcoin Mining in your Browser,” a variety of symptoms should raise flags with users that they may have fallen afoul of a bit-mining widget:
- Generally slower performance than usual. It’s not unusual for an affected Web browser to start sucking up 80-90% of CPU (or more) when a bit-miner gets going. You might notice high levels of CPU consumption in Task Manager, for example, associated with a browser such as Chrome, IE, Edge, Firefox, Opera, or whatever else might grace your desktop.
- Increased heat: a system that’s running hotter than usual is often being taxed more than usual, too. This, too, can be a sign that a bit-miner is at work. To the astonishment of my Win10.guru partner, Kari, I run Helmut Buhler’s 8GadgetPack on my Win10 PCs which, along with Core Temp, provides me with ongoing real-time system temps. I like keeping an eye on what my system is doing at all times, so I don’t begrudge the screen real estate or system resources involved in keeping me posted.
CPU consumption looks good, temps look good: no bit-miners here!
- Odd or erratic system behavior. The mouse may jerk, audio may stutter, screen refreshes or scrolling may also be jerky. All these are symptoms of excessive consumption of system resources elsewhere, leaving not enough left over for the computer to do what its user wants it to do.
Checking for More Tangible Signs of Bit-mining
Techniques vary on a per-browser basis. Chrome makes this kind of thing dead simple, so I’ll use it to illustrate what’s up. In Chrome, click Settings (the ellipsis at the far top right of the browser window), then click More Tools → Task Manager, to see Chrome’s own in-built Task Manager window. It will show you what’s up in Chrome, including CPU and memory consumption, network bandwidth, process ID and more. This will very, very quickly help you zero in on bit-mining activity. You’ll see most of the CPU usage occurring in one or more browser tasks; those are the ones where the bit-mining is most likely happening. Conveniently, you can click on any process to highlight it, then click the “End Process” button at the lower right to get rid of it. It’s gone for now, but how can you keep such things from coming back? There are tools abounding to make that happen.
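The same check can be scripted for any browser. The PowerShell below is an added example, not part of the original article: it samples browser processes twice and reports how much of the machine's total CPU each one used in between. The process-name list, the 10-second window and the 50% threshold are assumptions to tune.

```powershell
# Added example: flag browser processes with sustained high CPU use.
# Process names, window and threshold are assumptions; adjust for your systems.
$BrowserNames  = 'chrome', 'msedge', 'MicrosoftEdge', 'MicrosoftEdgeCP', 'firefox', 'opera', 'iexplore'
$SampleSeconds = 10
$ThresholdPct  = 50
$Cores         = [Environment]::ProcessorCount

function Get-BrowserCpuSnapshot {
    # Map process ID -> name and cumulative CPU seconds for each running browser process.
    $snap = @{}
    Get-Process -Name $BrowserNames -ErrorAction SilentlyContinue | ForEach-Object {
        # CPU is $null when the process cannot be queried; skip those.
        if ($null -ne $_.CPU) {
            $snap[$_.Id] = [pscustomobject]@{ Name = $_.ProcessName; Cpu = $_.CPU }
        }
    }
    return $snap
}

$before = Get-BrowserCpuSnapshot
Start-Sleep -Seconds $SampleSeconds
$after  = Get-BrowserCpuSnapshot

$results = foreach ($procId in $after.Keys) {
    if (-not $before.ContainsKey($procId)) { continue }   # started mid-sample
    $delta = $after[$procId].Cpu - $before[$procId].Cpu
    if ($delta -lt 0) { continue }                         # process ID was reused
    # Share of total machine capacity (all logical cores) used during the window.
    $pct = [math]::Round(100 * $delta / ($SampleSeconds * $Cores), 1)
    [pscustomobject]@{ PID = $procId; Name = $after[$procId].Name; CpuPct = $pct }
}

$results | Sort-Object CpuPct -Descending | Format-Table -AutoSize

$hot = @($results | Where-Object { $_.CpuPct -ge $ThresholdPct })
if ($hot.Count -gt 0) {
    $names = ($hot | ForEach-Object { '{0} (PID {1})' -f $_.Name, $_.PID }) -join ', '
    Write-Warning "Sustained high browser CPU: $names"
}
```

The PID column can be matched against the process ID shown in Chrome's Task Manager to find the tab or extension responsible.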
Blocking Bit-Miners from Your Browsers
One class of tools is available to help you fend off those who’d like to suck up your users’ computing resources. Chrome supports three such extensions — namely, minerBlock, No Coin and No Mining. Other browsers offer similar methods for blocking mining directly inside them (Firefox, for example, also supports No Coin). YMMV when it comes to this kind of thing, and it must be handled on a per-browser basis. [Note added 3/10/2018: earlier this week Microsoft reported blocking a massive coin mining attack via Windows Defender; see Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign for details.]
TenForums.com member Cliff S offers details on another way to block bit-miners: add their domains to the HOSTS file so that your PC can’t connect to them. This basically works by assigning the null IP address (0.0.0.0) to domain names associated with known mining sites. The TenForums thread is entitled “Protecting Yourself from In-Browser Miners” and is well worth digging into. Cliff even explains how to edit the HOSTS file, and where to go to get the best block-list (namely CoinBlockerLists).
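One way to script the HOSTS approach is shown below as an added PowerShell example; it is not taken from the TenForums thread or from CoinBlockerLists. It assumes a one-domain-per-line list, uses constructed placeholder domains and hypothetical BEGIN/END marker comments, and only ever writes 0.0.0.0 entries, so a tampered list cannot point a name at some other address.

```powershell
# Added example: merge a domain block-list into the HOSTS file as 0.0.0.0 entries.
# The domains below are constructed placeholders, not real mining hosts.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$Begin = '# BEGIN bit-miner block'   # hypothetical markers that make the edit
$End   = '# END bit-miner block'     # repeatable and easy to remove
$blockList = @'
# constructed sample: one domain per line
miner.example
POOL.coin-widget.example
miner.example
localhost
not a domain!
'@ -split '\r?\n'

function ConvertTo-HostsBlock {
    param([string[]]$Domains, [string[]]$Existing)
    # Names already mapped in HOSTS (to any address) are left alone.
    $mapped = @{}
    foreach ($line in $Existing) {
        $fields = @(($line -replace '#.*$', '').Trim() -split '\s+' | Where-Object { $_ })
        if ($fields.Count -ge 2) { $fields[1..($fields.Count - 1)] | ForEach-Object { $mapped[$_.ToLower()] = $true } }
    }
    $out = foreach ($d in $Domains) {
        $name = ($d -replace '#.*$', '').Trim().ToLower()
        # Accept only dotted DNS names; drops blanks, comments, 'localhost' and junk.
        if ($name -notmatch '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$') { continue }
        if ($mapped.ContainsKey($name)) { continue }
        $mapped[$name] = $true          # also de-duplicates the list itself
        "0.0.0.0 $name"
    }
    return @($Begin) + @($out) + @($End)
}

$current = Get-Content -LiteralPath $HostsPath
# Drop any block written by a previous run so the merge is idempotent.
$inBlock = $false
$kept = foreach ($line in $current) {
    if ($line -eq $Begin) { $inBlock = $true; continue }
    if ($line -eq $End)   { $inBlock = $false; continue }
    if (-not $inBlock) { $line }
}
$new = @($kept) + (ConvertTo-HostsBlock -Domains $blockList -Existing $kept)
Copy-Item -LiteralPath $HostsPath -Destination "$HostsPath.bak" -Force   # keep a rollback copy
Set-Content -LiteralPath $HostsPath -Value $new -Encoding ASCII          # needs an elevated prompt
```

With the sample list, the block written contains two entries (miner.example and pool.coin-widget.example); to undo the change, delete the marked block or restore hosts.bak.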
This is a new form of protection about which admins and security professionals should be aware. If you have some kind of endpoint protection in place, it’s time to contact the vendor and ask them if (and if so, how) their package provides protection against bit-mining. It’s a thing now, and a potentially productivity-pounding problem if left unchecked. My advice: better to deal with it sooner, rather than later!
Author: Ed Tittel
Ed Tittel is a 30-plus-year computer industry veteran. He’s a Princeton and multiple University of Texas graduate who’s worked in IT since 1981 when he started his first programming job. Over the past three decades he’s also worked as a manager, technical evangelist, consultant, trainer, and an expert witness. See his professional bio for all the details.