In an October 19 post on a bug tracking forum, Google software engineer Ojan Vafai proposed a modification to the company’s Chrome browser that would inhibit and potentially prevent “malvertising,” the practice by which code on a webpage hijacks visitors’ browsers for cryptocurrency mining.
The thread on which Vafai commented began with a September 18 post about unauthorized mining that was being executed by code from the software firm Coin Hive, which had debuted its flagship mining product four days earlier. Subsequent comments make reference to the emergence of knock-off businesses offering a service similar to Coin Hive’s.
Vafai’s recommendation to combat the issue is as follows:
“If a site is using more than XX% CPU for more than YY seconds, then we put the page into ‘battery saver mode’ where we aggressively throttle tasks and show a toast allowing the user to opt-out of battery saver mode. When a battery saver mode tab is backgrounded, we stop running tasks entirely.
I think we’ll want measurement to figure out what values to use for XX and YY, but we can start with really egregious things like 100% and 60 seconds.
I’m effectively suggesting we add a permission here, but it would have unusual triggering conditions (e.g. no requestUseLotsOfCPU method). It only triggers when the page is doing a likely bad thing.”
In other words, this solution would equip Chrome to recognize suspicious activity and sharply reduce the processing power that mining software could appropriate, by placing the culprit page in a mode that limits its CPU usage. Chrome would simultaneously offer users the option to exit this power-saving state. Should they choose to exercise it, the browser would refuse to perform all tasks requested by the page, including mining.
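The heuristic in the quoted proposal, modelled as an added JavaScript example (not Chrome's code and not anything posted in the thread): a per-tab monitor counts consecutive seconds at or above the CPU threshold, enters battery-saver throttling and raises the toast once the page has been over budget for longer than the limit, suspends the tab entirely while it is backgrounded, and honours the user's opt-out. Class and method names are hypothetical; XX and YY default to the 100% and 60 seconds the post suggests as starting values.

```javascript
// Added example of the proposed "battery saver" heuristic; names are hypothetical.
const CPU_THRESHOLD_PCT = 100;  // XX from the quoted post
const SUSTAINED_SECONDS = 60;   // YY from the quoted post

// Per-tab state machine: "normal", "throttled" (battery saver, foreground)
// or "suspended" (battery saver tab that has been backgrounded).
class TabCpuMonitor {
  constructor(thresholdPct = CPU_THRESHOLD_PCT, sustainedSec = SUSTAINED_SECONDS) {
    this.thresholdPct = thresholdPct;
    this.sustainedSec = sustainedSec;
    this.overBudgetFor = 0;      // consecutive seconds at/above threshold
    this.state = "normal";
    this.userOptedOut = false;
    this.background = false;
    this.events = [];            // "toast" is recorded when the prompt would be shown
  }

  // Feed one 1-second sample of the page's CPU usage (0..100); returns the new state.
  sample(cpuPct) {
    this.overBudgetFor = cpuPct >= this.thresholdPct ? this.overBudgetFor + 1 : 0;
    // "more than YY seconds": enter battery saver only once the run exceeds the limit,
    // and never re-enter after the user has opted out via the toast.
    if (this.state === "normal" && !this.userOptedOut &&
        this.overBudgetFor > this.sustainedSec) {
      this.state = "throttled";
      this.events.push("toast");
    }
    this._applyVisibility();
    return this.state;
  }

  // Tab moved to/from the background; a battery-saver tab stops running tasks entirely.
  setBackground(isBackground) {
    this.background = isBackground;
    this._applyVisibility();
    return this.state;
  }

  // The toast's opt-out: leave battery saver and do not re-enter it for this tab.
  optOut() {
    this.userOptedOut = true;
    this.state = "normal";
    return this.state;
  }

  _applyVisibility() {
    if (this.state === "normal") return;
    this.state = this.background ? "suspended" : "throttled";
  }
}
```

A short dip below the threshold resets the counter, so a page that bursts to full CPU for a few seconds at a time is never throttled; only sustained saturation trips the mode.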
There has been no indication yet of whether Google intends to implement any protections against malvertising, much less if an eventual plan would resemble Vafai’s prescriptions, but one fellow Google employee on the thread expressed enthusiasm for the proposal.
ETHNews has previously reported on malvertising schemes, including one in late September 2017 that used Coin Hive’s code to conscript the browsers of visitors to certain Showtime websites into mining the cryptocurrency Monero. About a week earlier, one or more administrators of the file downloading site The Pirate Bay introduced the code on their own website.
Earlier this year, a malvertising scheme affecting computers mostly located in Eastern Europe and Central Asia commandeered the web browsers of visitors to certain gaming and video-streaming sites in order to mine the cryptocurrencies Feathercoin and Litecoin. In July, a security breach at San Francisco State University saw a number of malware files, including bitcoin mining software, end up on the school’s servers. And in September, Russian cybersecurity firm Kaspersky announced that between January and August 2017, its products protected 1.65 million users from malicious mining software.