Crypto-Loot / cryptoloot

Self Hosted Library for CryptoLoot
https://crypto-loot.com
55 stars, 16 forks

Thanks for making the internet more shady #6

Open Aoxo opened 6 years ago

Aoxo commented 6 years ago

I'm here cause I visited a shady website that used 80% of my CPU. I viewed the source, found the code, googled it and the results led me right here where I found the exact same code example.

There's so much great free stuff on GitHub. It's unfortunate that it's also being used to distribute malicious code that is used to hijack CPU resources, increasing my clock speed and power usage.

I'm reporting this to GitHub. Not sure if they will care but they will hear about it.

tylerjones4508 commented 5 years ago

That's up to the site to tell you or not if your PC is mining. Not cryptoloot.

Aoxo commented 5 years ago

From your own website at crypto-loot.com, "Running our miner on your website will go unnoticed by all users once started". You literally advertise this as something that should go unnoticed. Unfortunately you're wrong because I noticed right away that your script was draining my resources and slowing down my PC...that's how I caught it.

You even suggest how people can optionally obfuscate the script and URLs to avoid antivirus detection. "Set to automatically update (to stay up to date with the latest obfuscated scripts and domains to avoid AV/Adblocker detection)". How is this not malicious code if you're actively trying to avoid AV detection so you can allow web hosts to silently consume visitors' resources?

Sure, it's really easy to defer all the blame to the people using your script maliciously, but that's probably about 99% of the people using your script. The simple fact is you made this tool and how and where it is used IS your responsibility also. It's also the responsibility of Git as they are helping you distribute it. It's fine...you're an unethical person. Someday I'm sure it will all catch up to you. Sleep well in the meantime.

tylerjones4508 commented 5 years ago

ROFL, I'm not an employee. I just read their docs and they do say they advise against not letting users know that mining is going on.

What is Crypto-Loot? The CryptoLoot JavaScript Miner allows you to embed a Monero (XMR) miner directly into your website. The miner itself does NOT come with a User Interface! It is your responsibility to tell your users what's going on and to provide stats on mined hashes. Ultimately, we aren't going to tell you how to run your business.

If you want a ready-made, easy to embed User Interface, have a look at the MinerUI.

While it's possible to run the miner silently (without informing your users), we strongly advise against it! Long term goodwill of your users incentivises to keep coming back!

The CryptoLoot miner runs until you explicitly stop it again or the user navigates away. You can also credit hashes to a random token and the miner will automatically stop when it reaches the specified number of hashes.

The following information is best suited for developers. If you're not a developer, we recommend simply grabbing the code from your dashboard under "Manage Sites" and pasting it within your website's header, app, extension, or plugin.

jrmessiah commented 4 years ago

> I'm here cause I visited a shady website that used 80% of my CPU. I viewed the source, found the code, googled it and the results led me right here where I found the exact same code example.
>
> There's so much great free stuff on GitHub. It's unfortunate that it's also being used to distribute malicious code that is used to hijack CPU resources, increasing my clock speed and power usage.
>
> I'm reporting this to GitHub. Not sure if they will care but they will hear about it.

chill susan.....open source baby

BelleNottelling commented 4 years ago

Honestly, as long as it's done within reason, I'd much rather have crypto-miners on websites rather than a million ads. But it's not crypto-loot's fault if a website uses it in a way that causes poor user experience.

luphoria commented 2 years ago

> While it's possible to run the miner silently (without informing your users), we strongly advise against it! Long term goodwill of your users incentivises to keep coming back!

The issue I have with this is that at the landing page, it advertises itself as being hidden. This program may be useful legitimately but it seems pretty clear that its target market isn't what it claims.