Polite cryptominers knock, but you don’t have to answer

Polite cryptominers knock, but you don’t have to answer

Developers should know this truism from childhood: Always knock before entering. But they don’t. For developers of cryptominers – the little programs designed to mine cryptocurrencies such as Ethereum on your devices – the differences between knocking and just quietly barging in are huge.

If they don’t knock, and just quietly enter to go to work on unsuspecting computers, they can certainly succeed for a short time. However, there are very high odds that they will be identified as malware or potentially unwanted applications (PUA) and stopped in their tracks. If they do knock, and wait for your OK before harnessing your device’s computing power to mine cryptocurrencies, they just might not get that OK and will be shut down in their tracks.

This is a conundrum.

A cryptic bit of history

This is also precisely the problem faced by Coinhive.com. After they launched their first miner script, several websites such as torrent sites began using it as an alternative to ads. Instead of displaying ads, they would instead load this miner and run it for 30 seconds before allowing the user to access the content, and collect the revenue from mining instead of ads.

The problem is that while some websites made it perfectly clear that they were making revenue this way, others were doing it silently. For this reason, the script was blocked by several adblockers and most antivirus software. That’s why Coinhive released another opt-in version of their cryptomining script.

Polite cryptominers knock, but you don’t have to answer - in-post

Polite cryptominers knock, but you don’t have to answer - in-post

When loaded, it asks for the user’s consent before starting to mine:

Polite cryptominers knock, but you don’t have to answer - in-post
This pop-up is generated by the mining script itself, not by the antivirus.

However, not all people read or understood this pop-up warning. They clicked on “Allow for this session” and then they were surprised to find out their computer was slower, their devices were warming up, or their battery was being drained faster. So for these users, this script was PUA – a potentially unwanted application.

Why not just lock the door?

In case you don’t want to depend on a cryptocurrency developer knocking and waiting, there are other options. Consider Avira Web Protection, a feature in Avira Antivirus Pro. If Web Protection is turned on, it instantly blocks any JavaScript, such as this one, with an active detection – without waiting for any confirmation from the user.

Polite cryptominers knock, but you don’t have to answer - in-post

To make sure you’ve activated this, just go to Avira Antivirus settings and click on “Web Protection:” It’s automatic, no-hassle protection. But even with Web Protection turned off, Avira can still find and remove the malicious JavaScript by doing a full system scan. Although the cryptocurrency mining doesn’t count as an infection — it is only temporary and is over once the user closes that specific website — this is a good example of how you can be more fully protected with the Pro version of Avira Antivirus.

This post is also available in: GermanFrenchItalian