Adblock Plus and (a little) more

How cryptojackers maliciously worm their way into ads to turn your computer into their mining zombie · 2018-01-09 20:37 by Ben Williams

Cryptocurrency’s fire right now. You probably own some. Hell, your grandmother’s probably got some Ethereum stockpiled to leave your grandpa with.

As it grew in popularity, it was pretty much inevitable that people would start to game some aspect of it. The first scam came from websites that tried to cryptojack your computer to mine for them directly. Like ye olde Pirate Bay, which enlisted your computer’s CPU to power its crypto mines, so they wouldn’t have to rely on ads. Some people didn’t want their CPU being treated like that. So we told you about this back in September and provided instructions on how to avoid getting cryptojacked when you visit a website.

Betcha wouldn’t have guessed that something rotten like this would seep into the pristine waters of online ads, would ye? Well, recently CoinDesk reported that cryptocurrency mining is being performed directly from ads. Whereas before it was the website itself that was mining, now it’s an infected ad … which could turn up on any ad network, then show up on any site – unbeknownst to the network, the site … and you. In this case it was an advertising platform called Spotad, which spotted some suspicious activity on its network that turned out to be an ad that would force your computer to mine crypto for it.

Basically, if you interacted with the ad, your computer would start mining for a boss you’ll never see and who’ll never pay you … but who sucks the CPU out of your computer for its mining habit. PC Magazine even warned about this problem back in September, saying the practice was mainly isolated to Russian-speaking ad networks. Seems it’s on the move.

Really, it works just like malvertising, where ads stuffed with malware sneak onto legitimate ad networks. It’s just that now the ads will be sucking your CPU for sweet crypto.

The good news: since you’re reading this blog, you’re probably safe. You’re likely blocking ads and therefore keeping out the cryptojackers who have learned to disguise themselves as ads. Best tell Grandma though … err, wait, if she owns all that crypto, she’s probably been blocking ads since ’06 … Maybe it’s time to have a chat with Grandpa?

Comment [5]

  1. mapx · 2018-01-09 21:05 · #

    Hi Ben, you should consider enabling the easyprivacy list by default. It’s the (official) list with a consistent list of mining stuff. Only the advanced users will use easyprivacy or Nocoin list.

    Reply from Ben Williams:

    Hey mapx,
    Sorry bout the late response, been out and about. It’s an idea, for sure, but what’s always held us back on making additional lists/features default is that by now people kinda expect a certain blocking baseline from us. The rest is (as yet) up to them.

  2. Michael · 2018-01-11 15:38 · #

    The Adblock Plus Browser (iOS) offers little protection against cryptojackers; cryptojackers utilise JavaScript. With no options to disable JavaScript within Adblock Plus browser, crypto miners can simply change their domain name if detected.

    The Easylist offers some protection, but it will never offer 100% protection against crypto mining. Blocking, filtering scripts is the only way to combat this menace.

  3. Deborah A Seals · 2018-02-05 17:06 · #

    help i need to ublock all post please. can you help me

    Reply from Ben Williams:


    Not sure I’m getting all you’re saying. Did you mean you want to unblock, i.e. turn ABP off, on certain sites? To do that, just click the ABP icon in your browser and click “Enabled on this site,” which will switch it to disabled status for the particular site.

    Any other questions, please let me know or send an email to

  4. Cloud Consulting Services · 2018-02-06 16:07 · #

    This is the BEST thing and anyone angry probably wants to invade your system with garbage

  5. Staffing Services · 2018-02-06 16:12 · #

    I don’t want any advertising on websites that are huge and mainstream, I allow it on adblock plus’s website
