Mozilla Firefox Will Block Cryptocurrency Mining Malware Scripts From Web Browser

Mozilla Foundation, the nonprofit parent company of popular web browser Firefox, announced late last week the browser was being upgraded, and new releases of the product would automatically block malware scripts and other related “harmful practices.”

Nick Nguyen, Mozilla's vice president of product, said in a blog post Aug. 30 illegal practices that inconspicuously collect identifiable user information or degrade user experience were becoming more common.

“For example, some trackers fingerprint users — a technique that allows them to invisibly identify users by their device properties, and which users are unable to control. Other sites have deployed cryptomining scripts that silently mine cryptocurrencies on the user’s device. Practices like these make the web a more hostile place to be. Future versions of Firefox will block these practices by default,” he wrote.

According to the company, the reason behind this decision was more to do with "giving them (users) a voice" than protecting users. With the new update, sites which need user data in exchange for content could still collect it but would need permission to do so going forward.

The company is set to test a new feature that will automatically block scripts for cryptocurrency mining, and it’ll be starting the test as a part of its nightly builds programme – a practice of each day doing a software build of the latest version of a program. The aim is to officially release the new code as part of the formal release of Firefox 63, expected to be released late October.

Instances of cryptojacking – the illegal confiscating of computer resources to mine cryptocurrencies – went up nearly 1,000 percent in the first half of 2018. This was one of the insights presented in the Trend Micro midyear roundup report titled “Unseen Threats, Imminent Losses”. This report, released in August, said the methods employed by hackers to obtain benefit from device owners have shifted from ubiquitous, highly visible malware attacks to the relatively silent but no less devastating deployment of cryptojacking.

There have been several reports detailing the extent of cryptojacking. Security researcher Troy Mursch published a report in May that incorporated details on how the cryptocurrency mining code called Coinhive was attaching onto unsuspecting sites around the web. The researcher detected the Coinhive code running on nearly 400 websites, including a number of official government and education websites.

To prevent cryptojacking, other browsers like Chrome and Opera have also introduced features to block mining scripts. The features Opera introduced in January prevent smartphones from being used by the attackers to secretly mine cryptocurrencies. Opera also created a website for users to check if their browser was affected by unwanted crypto mining.

Google also decided to withdraw any and all Chrome extensions that mine cryptocurrencies after finding that too many developers were not abiding by the rules. The secret mining of cryptocurrencies resulted in massively increasing the victims’ electricity bills and running down their device batteries.