Malicious advertising network secretly adds crypto mining scripts, tries to bypass Adblock


#1

Originally published at: https://www.myce.com/news/malicious-advertising-network-secretly-adds-crypto-mining-scripts-tries-bypass-adblock-83809/

Security researchers from the Chinese antivirus vendor Qihoo 360 have discovered an advertising network called PopAds, that uses its own platform to mine cryptocurrencies in browsers from internet users without their consent. The network is active since December last year. It uses specific methods to bypass the Adblock ad blocker.


#2

Why am I not surprised?


#3

Here’s a possible workaround. Blacklist all third-party scripts from said porn sites, and then whitelist whatever domains are needed to make the site work. That way, only those scripts from those domains will be loaded, and random domains will be disregarded.

Another option is to use something like NoScript or LibreJS. That way, the JS code will be blocked by default, and again, you can whitelist only what you need to make the site work.


#4

In general, this is what I do for just about every regular/semi-regular website I read.

After doing this for many years, one becomes familiar with which domains can be ignored in terms of scripts. (Whether using noscript, ublockorigin, etc … or redirecting such superfluous domains to 127.0.0.1).


#5

For one thing my custom hosts edited file kills porn ads popups and redirects and site with malware infection to stop more infections.


#6

For most of the 2000s decade, I was using the 127.0.0.1 redirect list from mvps.

http://winhelp2002.mvps.org/hosts.htm

After 2012 or so, I started using the much longer redirect list from hphosts.

https://hosts-file.net/?s=Download


#7

Actually I use a different site for my hosts edit and it work fine - mvps.org started usin 0.0.0.0 and that didn’t work for my needs. So I limited my self down to one that I found that works and doesn’t add more headache for me. And if you didn’t notice there is already a thread on hosts edits in which I created a hosts file to do just that with the modified hosts file from the site I use.