Saturday, December 16, 2017

www.kproxy.com uses your resources to run in-browser mining code

I was shocked to see a prompt seeking my consent to run some calculation on my machine when I loosened my Tor Browser's security level while using www.kproxy.com to reach another site.

Naturally, that rang a bell: the "calculation" refers to in-browser mining code.

So I set about examining the page and, through inspection and experimentation, identified that it is KProxy that is loading the in-browser mining code and not the target site, which happened to be https://www.google.com

The in-browser mining code is not on the landing page of KProxy; it is only injected when you surf to the target site. Shame on you, KProxy, for not even stating that your users' resources could be used for mining purposes.

KProxy has 10 public servers, and here is what they load:

Servers 1, 2, 3, 10: https[:]//coinhive.com/lib/coinhive.min.js

Servers 4, 5, 6, 7, 8, 9: https[:]//authedmine.com/lib/authedmine.min.js

The heading comment in authedmine.min.js declares that it will only run the in-browser mining code if you opt in.

You be the judge of whether you can believe such a declaration. As for my money, stay away from KProxy, and if you are running "uBlock Origin", add these two domains to your filters to block them.

My Tor Browser is now reset to the maximum security.
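
One way to check which side adds the script, as an added example that is not from the original post: it compares the script hosts in a directly fetched copy of a page with the copy served through a proxy, and emits uBlock Origin filters for proxy-only hosts that match the two domains named above. The HTML samples, `proxy.example`, the `/xjs/app.js` path and all function names are constructed for illustration.

```javascript
// The two miner domains named in the post.
const MINER_DOMAINS = ["coinhive.com", "authedmine.com"];

// Collect the hostname of every <script src=...> in an HTML string,
// resolving relative URLs against the URL the page was fetched from.
function scriptHosts(html, pageUrl) {
  const hosts = new Set();
  const re = /<script\b[^>]*\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = m[1] ?? m[2] ?? m[3];
    try {
      hosts.add(new URL(src, pageUrl).hostname.toLowerCase());
    } catch { /* skip src values that are not valid URLs */ }
  }
  return hosts;
}

// True when host is the domain itself or one of its subdomains.
function matchesDomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}
const isMiner = (host) => MINER_DOMAINS.some((d) => matchesDomain(host, d));

// Script hosts that appear only in the proxied copy, split into known
// miner domains and everything else (e.g. the proxy's own URL rewriting).
function injectedByProxy(direct, proxied) {
  const seen = scriptHosts(direct.html, direct.url);
  const added = [...scriptHosts(proxied.html, proxied.url)].filter((h) => !seen.has(h));
  return {
    miners: added.filter(isMiner).sort(),
    other: added.filter((h) => !isMiner(h)).sort(),
  };
}

// Static network filters in uBlock Origin syntax for the given hosts.
const toUblockFilters = (hosts) => hosts.map((h) => `||${h}^`);

// Constructed sample pages (not captured traffic).
const DIRECT = { url: "https://www.google.com/",
  html: '<html><head><script src="/xjs/app.js"></script></head></html>' };
const PROXIED = { url: "https://proxy.example/fetch?u=google",
  html: '<html><head><script src="https://proxy.example/fetch?u=%2Fxjs%2Fapp.js"></script>' +
        "<script src='https://coinhive.com/lib/coinhive.min.js'></script></head></html>" };

const report = injectedByProxy(DIRECT, PROXIED);
console.log(report, toUblockFilters(report.miners));
```

Hosts in the `other` bucket are expected when a proxy rewrites the page's own script URLs; only the `miners` bucket maps to the filter entries.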