Monero miners aren’t all illegal, however, there are several legitimate miners such as CoinHive and Crypto-Loot (more information on CoinHive and Crypto-Loot) but even those tend to oftentimes get implemented within apps and websites in an illegitimate way since the users are either not notified about the miner and/or aren’t given an option to disable it. This leads to a lot of people believing that even the legitimate miners are some form of malware.

Opc0d3r and WaterMiner

Recently, yet another instance of illegal Monero mining was detected coming from Russia. A Russian modder, who has been creating mods for the popular game GTA V seems to have added a modified version of the legitimate XMRig miner that allows him to mine Monero through the PCs of people who download and use its mode. The person behind this goes by the online alias of opc0d3r and the miner utility that he uses in his mode is called WaterMiner. The name of the mode that carries the mining script is presumably called Arbuz.

The hacker might have been revealed

Due to lack of operational security and possibly due to lack of experience, the hacker’s identity has likely been revealed by researchers at Minerva Labs. Apparently, opc0d3r, or if we use his real-life name Anton, has posted links to his mods on his VK account. At a certain point, users started complaining that he has been stealing opc0d3r’s tools and making money off them to which he replied that he was in fact the mods’ creator, opc0d3r.

Still, though the modder seems to have done a sloppy job when it came to protecting his anonymity, his Monero mining utility, WaterMiner, is actually rather impressive according to Omri Moyal, a Minerva Co-Founder. The miner had persistence through the PC’s Registry and support for ceasing mining operations when the user was trying to debug their computer. Also, there were other potential features that opc0d3r/Anton might have wanted to use in future.

Monero Miners on the Rise

Since the middle of September and the release of the CoinHive Javascript miner, software and especially malware developers have found numerous ways to earn money through Monero miners. Unfortunately, even though this can be done legitimately and with the user’s consent, most of the time, it is not. The good news is, though, that if you want to protect yourself against unwanted miners, you an do so in a number of ways. Most good antivirus programs already have added a feature that stops those miners or at least notifies you if something tries to force your PC into generating Monero. Also, ad-blockers can also do a good job at blocking miners. There are even a couple of dedicated Google Chrome add-ons that can help – minerBlock, No Coin and AntiMiner.

The post Russian GTA V modder caught illegally mining Monero appeared first on Malware Complaints.

We have already written a couple of articles concerning a recently developed scheme for mining the Monero Cryptocurrency known as cryptojacking. The concept of this scheme is as follows: a JavaScript code is added to a website, a web service or an app such as a browser extension, which code commands the PC that visits the site or uses the app/web service to use its CPU for Monero mining. Up until no more than a day ago, the only method to implement this scheme was a JavaScript called CoinHive. However, a new service that offers similar functionality has been introduced and its name is Crypto-Loot. Due to its recent release, it hasn’t been as widely implemented and used as CoinHive, yet we believe that Crypt-Loot will likely grow in popularity rather rapidly. One thing to note is that while CoinHive developers keep 30% of the profits made using their script, Crypto-Loot only collects 12% making it seem like an ever more desirable option.

Is cryptojacking illegal

Both CoinHive “Virus” and Crypto-Loot are initially legal methods for gaining revenue in the form of Monero. However, similarly to more conventional methods for making profits online like web advertising, Monero mining through those JavaScript codes comes at a price and that price is paid by the users. When you see ads online they are often annoying and obstructive. With cryptojacking, the issue is that your PC gets forced to use its resources for somebody else’s profit. Surely no one wants to have their machine works slower due to increased CPU usage for the benefit of someone else. However, as we already said, the sheer use of use of CoinHive or Crypto-Loot isn’t illegal. What might be considered as illegal or illegitimate is the way those scripts get used.

How are these JavaScripts getting used?

You see, in order for the use of either one of these two methods to be legitimate, the user needs to be explicitly notified about the Monero mining JavaScript and must also be provided with an option to disable the script so that the mining would stop. Unfortunately, most sites and apps that have been reported to implement this scheme haven’t met those requirements. This leads to a lot of users who have their machines slowed-down without actually knowing why that is happening.

Some prominent examples of use of cryptojacking from the past couple of weeks are when sites like PirateBay and Showtime had the CoinHive JavaScript within their code. Also, a Web Store extension known as SafeBrowse was also reported to use the same script. There are other examples as well and most of them are with CoinHive since it has been around for a longer period of time.

On the other hand, the number of legitimate uses of such scripts is rather small. One such example is a YouTube app for interface management called Iridium, where the user is allowed to switch off the Monero mining. Also, another instance of CoinHive being properly used is in PublicHD, a torrent tracker where the user gains site credits in if they keep the Monero mining enabled.

Ways you can prevent cryptojacking

If you want to prevent sites and apps from exploiting your computer’s processors through cryptojacking, there are coupe of methods that you can try.

• Firstly, you can use an ad-blocker app (for example AdGuard, AdBlock Plus) to prevent website cryptojacking since some such tools offer this form of protection.
• Secondly, there are also specialized Chrome extensions for blocking CoinHive scripts. Those extensions are No Coin, minerBlock and AntiMiner. No Coin has recently added protection against Crypto-Loot as well.
• Thirdly, an antivirus program can also help with blocking unwanted cryptojacking. Just make sure to download a reliable and trustworthy protection software.

So far, it seems that apart from unwanted CPU usage and potential productivity slow-down, there aren’t any other issues that come from cryptojacking. However, due to the overall unpleasant nature of this practice, most users see this scheme as illegitimate.

The post Crypto-Loot – a new cryptojacking service appeared first on Malware Complaints.