Crypto-Loot
We have already written a couple of articles concerning a recently developed scheme for mining the Monero Cryptocurrency known as cryptojacking. The concept of this scheme is as follows: a JavaScript code is added to a website, a web service or an app such as a browser extension, which code commands the PC that visits the site or uses the app/web service to use its CPU for Monero mining. Up until no more than a day ago, the only method to implement this scheme was a JavaScript called CoinHive. However, a new service that offers similar functionality has been introduced and its name is Crypto-Loot. Due to its recent release, it hasn’t been as widely implemented and used as CoinHive, yet we believe that Crypt-Loot will likely grow in popularity rather rapidly. One thing to note is that while CoinHive developers keep 30% of the profits made using their script, Crypto-Loot only collects 12% making it seem like an ever more desirable option.
Is cryptojacking illegal
Both CoinHive “Virus” and Crypto-Loot are initially legal methods for gaining revenue in the form of Monero. However, similarly to more conventional methods for making profits online like web advertising, Monero mining through those JavaScript codes comes at a price and that price is paid by the users. When you see ads online they are often annoying and obstructive. With cryptojacking, the issue is that your PC gets forced to use its resources for somebody else’s profit. Surely no one wants to have their machine works slower due to increased CPU usage for the benefit of someone else. However, as we already said, the sheer use of use of CoinHive or Crypto-Loot isn’t illegal. What might be considered as illegal or illegitimate is the way those scripts get used.
How are these JavaScripts getting used?
You see, in order for the use of either one of these two methods to be legitimate, the user needs to be explicitly notified about the Monero mining JavaScript and must also be provided with an option to disable the script so that the mining would stop. Unfortunately, most sites and apps that have been reported to implement this scheme haven’t met those requirements. This leads to a lot of users who have their machines slowed-down without actually knowing why that is happening.
Some prominent examples of use of cryptojacking from the past couple of weeks are when sites like PirateBay and Showtime had the CoinHive JavaScript within their code. Also, a Web Store extension known as SafeBrowse was also reported to use the same script. There are other examples as well and most of them are with CoinHive since it has been around for a longer period of time.
On the other hand, the number of legitimate uses of such scripts is rather small. One such example is a YouTube app for interface management called Iridium, where the user is allowed to switch off the Monero mining. Also, another instance of CoinHive being properly used is in PublicHD, a torrent tracker where the user gains site credits in if they keep the Monero mining enabled.
Ways you can prevent cryptojacking
If you want to prevent sites and apps from exploiting your computer’s processors through cryptojacking, there are coupe of methods that you can try.
- Firstly, you can use an ad-blocker app (for example AdGuard, AdBlock Plus) to prevent website cryptojacking since some such tools offer this form of protection.
- Secondly, there are also specialized Chrome extensions for blocking CoinHive scripts. Those extensions are No Coin, minerBlock and AntiMiner. No Coin has recently added protection against Crypto-Loot as well.
- Thirdly, an antivirus program can also help with blocking unwanted cryptojacking. Just make sure to download a reliable and trustworthy protection software.
So far, it seems that apart from unwanted CPU usage and potential productivity slow-down, there aren’t any other issues that come from cryptojacking. However, due to the overall unpleasant nature of this practice, most users see this scheme as illegitimate.
