A Firefox extension called Image Previewer was discovered today that not only displays popups, but also injects a Monero in-browser miner into Firefox. While we have seen numerous Chrome extensions injecting in-browser miners, this is the first time I have seen a Firefox addon with this behavior.
The addon will then open the page https://devappgrant.space/lib/iframe.html?u=6081&t=0.5 in an iframe. This page contains the setup script for the in-browser Monero miner. The variables used in the URL are important as well as they specify the user id associated with the miner and the throttle, which is the percentage of time that the miner threads should be idle.
This setup script will cause the main miner script located at https://devappgrant.space/lib/xmr.main.min.js to load within 15 minutes.
This xmr.main.min.js script is the brains behind the Monero miner and contains the base64 encoded WebAssembly program that will be executed to mine for Monero. While mining, the miner will use up to 50% of the CPU processing power on the computer. This will cause the CPU to run at high intensity for a longer period of time, which could decrease the lifespan of the hardware.
Submitted by: Arnfried Walbrecht