Opera 50 To Bolster Defenses Against In-Browser Monero Cryptojacking - JLFB - Cyber Security, Hacking News, Exploits, Vulnerabilities, Tech and Tutorials

Breaking

Sunday, December 24, 2017

Opera 50 To Bolster Defenses Against In-Browser Monero Cryptojacking


Monero

Everyone is flipping out over cryptocurrency after seeing Bitcoin continue to skyrocket in value (the recent dip notwithstanding). It seems everyone wants a piece of the action, including some website owners, who have started injecting digital coin mining code on webpages. When you visit one of these sits, it taps into your CPU, sometimes without your knowledge or consent. That's not cool, and Opera is doing something about it.

The latest Opera beta, version 50, includes a new feature blocks these scripts from running. It's called NoCoin and it is a work in progress. NoCoin is part of Opera's built-in ad blocking technology, which is disabled by default. We are not sure how well it actually works at this stage, but the idea is to prevent in-browser mining code from running, such as Coinhive, one of the more popular implementations that is used to mine for Monero.


Opera NoCoin

If you want the added peace of mind, you have to download the Opera 50 beta RC and go into Settings. In the Basic section, you'll find a "Block ads" section. Check the "block ads" box as shown above, which will bring up a list of new options. Under the "Recommended lists" heading, you will see a NoCoin entry. This was enabled by default on our build after enabling ad blocking, though make sure the option is checked.

One thing to keep in mind is that when using an ad blocker, whether it's built into the browser or by way of a third-party extension, is that it deprives websites of income derived from ads (to state the obvious). Many sites that serve up free content rely on ad revenue, including here at HotHardware. Obviously the argument in favor of using an ad blocker is that it protects PCs from malicious and/or overly obnoxious ads, and we understand that. That said, we encourage anyone using an ad blocker to disable it on sites they support, and to provide feedback on ads rather than blocking them wholesale.

As it pertains to in-browser mining, that is something we are seeing more and more sites experiment with, in place of (or in addition to) ads. Some users feel it is an acceptable compromise—they would rather donate spare CPU cycles than load up ads, so there's a potential for a win-win situation. However, where this becomes a problem is when websites are not being transparent about the presence of an in-browser miner, or when a website is hacked to run one. It's those latter scenarios that Opera is trying to address.

We have seen several examples of this already. Back in September, Showtime's streaming platform was hacked to mine Monero. A month later, it happened to fact-checking website Politifact.

This has also been a problem on Android devices, with Coinhive being found in some apps. Mining doesn't appear to be going away anytime soon, so expect to see more efforts to protect users from unintentionally running mining code.

No comments: