Google Aims to Put an End to Secret Cryptojacking by Making In-Browser Permissions Necessary.
In-browser cryptocurrency mining has become the latest obsession among website operators as it is being deemed as the perfect alternative to display ads. However, the point of debate is that these miners are being deployed without asking or informing users. On the other hand, it is recommended in mining scripts that before making money through users’ resources, web operators must ask for user consent.
It is also worth noting that the mining tools are being promoted as an alternative to online ads but the scripts so far have been used by hackers and cybercriminals for fulfilling their malicious objectives or secretly deployed by organizations and websites. Users are always kept in the dark, and hence, our CPUs are constantly helping them by providing them enough resources to mint money.
A number of web operators also identified that their site was mining cryptocurrency while they were unaware of it while there are more than 500 sites knowingly or unknowingly running cryptocurrency miner and generating millions in digital money.
The problem with cryptocurrency mining is that it infects the clients’ machine and extract power from the CPU, which negatively affects their computers. Previously users were urged by security firms to switch to browsers that were capable of blocking these scripts, such as Google Chrome’s extension AntiMiner. Some of the anti-virus software is also equipped with adblocker feature and can successfully block miners.
The usability of these scripts and cryptocurrency mining as an alternate option of advertising cannot be overlooked. Therefore, tech giants are trying to identify ways of replacing ads in a legitimate manner, with the consent of users. Until that happens, Google’s engineers are thinking of adding a new feature of in-browser permissions to block cryptocurrency miners automatically.
Chrome engineer Ojan Vafai stated that the company is looking to fix the issue of deploying cryptocurrency miners without notifying users. The most probable option is to block them automatically since the sites aggressively use CPU resources, which is not acceptable to Google.
It is also noted by Vafai that Google is working on a feature which, if a website uses CPU resources for a predetermined timespan or percentage then the page will go into Battery Saver Mode and the user will be asked to manually opt out of this mode while when the battery saver mode runs in the background the tasks will be stopped entirely.
“I think we’ll want measurement to figure out what values to use for XX and YY, but we can start with really egregious things like 100% and 60 seconds,” stated Vafai.
The in-browser blocking feature is still in the process of development, but given the way cybercriminals and web operators using the cryptocurrency miners, we can expect a solution soon enough.
Who’s currently using cryptocurrency miners?
As mentioned above there are more than 500 websites secretly mining cryptocurrency using CPU of their visitors. However, some of them were exposed by cybersecurity researchers and include The Pirate Bay which was caught using cryptocurrency mining script twice in just one month, two websites belonging to ShowTime owned by CBS and torrent proxy site (ProxyBunker.online) which was later booted off by CloudFlare.