Popular Web Browser Firefox to Start Blocking Cryptojacking Malware

  • Firefox is set to start blocking cryptocurrency mining malware
  • The move comes as the browser attempts to "give users a voice" when browsing the web.

Firefox, one of the world’s most popular web browsers, is set to start blocking cryptojacking malware by default as part of an anti-tracking initiative meant to improve user experience and enhance the browser's performance.

Through a blog post, the organization behind the open-source browser revealed it plans on blocking trackers and other harmful practices to “give users a voice.” Some of its new features, per the blog post, are already available in its Firefox Nightly beta version.

The post, written by Mozilla’s vice president of product Nick Nguyen, details how Firefox will mitigate deceptive practices, including fingerprinting, a technique used to “invisibly identify users by their device properties,” and cryptojacking. It reads:

Other sites have deployed cryptomining scripts that silently mine cryptocurrencies on the user’s device. Practices like these make the web a more hostile place to be. Future versions of Firefox will block these practices by default.

Cryptojacking essentially consists of websites adding scripts to their code that let them use their visitors’ CPU resources to mine cryptocurrencies. While some websites ask users to use their CPUs instead of showing them ads, most use them without letting users know.

These scripts often ruin browsing experiences and can physically damage devices if they overheat. Over the past few months cryptojacking became a popular trend, as McAfee Labs revealed cryptojacking malware cases increased by 629% in the first quarter of this year.

A study commissioned by Citrix and executed by OnePoll earlier this month revealed that 59% of businesses in the UK have, at some point, been hit with cryptojacking attacks. The trend grew so much that the UK National Cyber Security Center revealed it is seen as a “significant” threat.

Firefox’s features are set to be tested on its Firefox Nightly beta version, and will be rolled out to a stable Firefox release by default if the company’s approach “performs well.” Firefox is notably one of several browsers blocking cryptojacking malware and addressing the cryptocurrency space.

As CryptoGlobe covered, Google has recently removed cryptocurrency mining apps from its Play Store, months after removing extensions from Chrome’s web store. Despite the tech giant’s move, several crypto mining apps were still on its app store after the ban.

Opera, a browser that recently introduced a mobile browser for Android with a built-in crypto wallet, rolled out mining script protection for its mobile users in January of this year. The feature was already available on its desktop version by default. Notably, Opera is set to add its built-in cryptocurrency wallet to its desktop browser.

The Brave browser, founded by JavaScript creator and Mozilla co-founder Brendan Eich, also blocks trackers and cryptocurrency mining malware by default. Brave, as covered, recently surpassed 10 million downloads on Google’s Play store.

SignKeys Founder Joseph Toh Explains Cryptocurrency Hardware Wallet Security

Joseph Toh, the founder of SignKeys, a Singapore-based and Hong Kong-registered firm focused on supporting cryptocurrency transactions through popular messaging applications, has argued that securely storing digital assets involves having “true ownership” of your account.

Toh, a graduate of University of Technology Sydney, told CryptoGlobe that investors don’t truly own their digital assets unless they have access to the private keys associated with their funds.

Toh also clarified that if investors give a trusted third-party access to their private keys, then they potentially risk losing their funds due to hacks or some other type of mismanagement.

Main Factors Influencing Mainstream Crypto Adoption

In response to a question about what he thinks is required before Bitcoin (BTC) and other major cryptoassets achieve mainstream adoption, Toh noted:

  1. Blockchain to Blockchain Integration - “There is not going to be one single Blockchain in the world. If Tesla invented AC, then why are there 27 different power points in the world with different voltages etc.”
  2. Blockchain to Non-Blockchain Integration - “90% of existing platforms, systems, businesses are not on blockchain. Having a way to integrate blockchain to non-blockchain is important until blockchain truly becomes mainstream.”
  3. Security/Risk Management - “If blockchain is so secure, then why is it that each month some exchange is getting hacked or people are losing their crypto?”
  4. Versatility - “What is the point of a hardware dongle. Do you carry a USB dongle with you? It was cool in 2000 but be serious?”

What Does “Military Grade Security” Mean?

Commenting on what "military grade security" means, as it is a commonly-used term when describing how secure hardware wallets may be, Toh stated:

“The term military grade security gets used so much that it can get confusing, however the basic concept is quite simple. The hardware that we leverage on most existing smartphones is FIPS 140-2 certified, but we are using the same tech in the military for a different purpose. This type of technology may be used to store digital assets and their associated private keys, but it’s not limited to only storing private keys.

The concept of military security is not limited to hardware devices. We have taken extraordinary measures to help mitigate risk. For example, when you try to copy and paste the same wallet address, our platform will give you a warning as copy and paste functions sometimes fail.

Hardware-based dongles are a great step as they have made our lives easier. That’s because they help people become aware of how important securing one’s private key or actually owning the private key is.

Sure, you could have a hardware dongle but according to our experience, most people who have hardware dongles usually store them away (however, in some cases, you are better off having a private key on a piece of fireproof paper). Or if we are serious about mass adoption, then we should develop similar solutions for mobile phones.

Unlike hardware wallets, you keep your funds ready to trade, without having to plug the dongle into a computer. The physical security is important. It’s like putting a bulletproof vest on your wallet. But we’ve also introduced a transparent and trustworthy guarantee. That’s like having a team of the world’s best surgeons standing by, just in case.

We’ve introduced one-touch sends via messengers like WhatsApp. Copy-paste errors are a very common problem when sending crypto. There’s even malware designed to change wallet addresses on your clipboard, so you end up sending tokens to hackers. We’ve eliminated the need to copy and paste addresses altogether.

We also eliminated accidental double transactions. Those also happen all the time when the network is slow. Oftentimes, people start thinking they’ve not sent their tokens, and they click send twice. Our app actually gives you a warning in these types of cases.”

Lessons Learned After Getting Hacked

Responding to a question about the thoughts that went through his head, when his Bitcoin wallet was hacked and what vulnerabilities may have led to the security breach, Toh said:

“We typically don’t think it will happen to us. This unfortunately is a reality for some. This is why I had a personal mission to make sure this does not happen again, not just to me but to everyone. More importantly, we need to make crypto wallets easy to use so even people who are not tech savvy can use them. The transaction process should be as easy as sending and receiving messages or performing similar actions that people are used to and feel comfortable doing like sharing pictures through Facebook or WhatsApp.”

When questioned about how SignKeys technology could potentially be built into 1.7 billion mobile devices, Toh explained:

We license the use of a chip that is already available on existing mobile phones. So, this tech could theoretically work on billions of compatible devices. We do not need to ship out a hardware dongle to get 1.7 billion users to use our services.