The Ongoing Fight Against Antivirus and Adblockers

by CryptoLoot

Posted on May 26th, 2018 at 4:15 AM EST

Tags: Updates Antivirus Faster Hashrates Referral Program

Wow... Crypto-Loot has been a heck of a project thus far. This is the first long report we've done, so we will be covering the start to the current phase of Crypto-Loot. We will be talking about the Crypto-Loot v2.0 Update launched today (May 26th, 2018). We will also talk about the struggles we first had when starting, including one vulnerability that lost us nearly 38 XMR (which was worth approximately $15,390 USD). However, our number one priority is to talk about and bring awareness to what our project actually is. Is it malware? No. But then, why were we rated the third top most-wanted malware of December, 2018? It's time to clear things up, and show the other side of the spectrum. Our version of the story:

What, and why?
We began this project to provide an alternate source of revenue to content creators, web masters, and developers. Our team consists of all of these titles, and we know how content creators are being shafted in every direction by huge corporations such as Youtube, Facebook, Twitter, and even affiliate or advertising networks. Our mission was to provide an alternate income to forced POP-UP advertisements. The.. really annoying ones. You know? The idea is that we are able to provide a service that benefits both the users and the webmasters/companies. Instead of having a bunch of forced popups shoved in front of your face, webmasters with low-profit websites can alternatively, use Crypto-Loot. I don't know about you, but when I visit a website that throws popups in front of my face, I close it and never return. This destroys webmasters overall traffic stats by driving bounce rates through the sky.

The Beginning
When we first heard of the idea of web mining, our imaginations exploded with excitement. "This could be the way of the future", we thought.. and it may just be. Anything from websites to video games or free mobile apps. So, we put 120% of our effort into becoming the best in the industry. 16 hour days with no end in sight, it was painful, yet exciting.
Within our first week of launching, we were on multiple news networks. We were hit so hard by high-traffic websites and DDoS attacks that we had to scale our code, infrastructure and team rapidly.
Two weeks in, we were starting to run fairly smooth, with a few hiccups here and there. We thought, maybe we could take a breath!

WRONG! Our hosting provider at the time, DigitalOcean decided to shut down 22/25 of our servers without any prior notification or warning. They didn't have a phone number to call, and took hours to respond to a high-severity ticket. In the mean time we went around getting green-lit by a few other hosting companies who would gladly take our business. By the time they responded, we had already migrated nearly 70% of our infrastructure. They simply told us "we cannot support your current use case" without any real explanation.

After the DigitalOcean problem, we were finally running smooth. We had time to focus on new features such as the API, graphing, and ways to get around anti-virus companies and adblockers. Later on, in December we had our first "hack"... Well, it wasn't really a hack. It was a vulnerability that we had overlooked in-which allowed the attacker to submit invalid shares and still get paid for said shares, losing us around 38 Monero. At this time, we had disabled autoamtic payments, fixed the issue, and spent weeks re-auditing all of our code to ensure there were no more major vulnerabilities.

The continued fight against the NetSec industry
As previously mentioned, upon launching we were all over the news. But - it wasn't really good news. Major netsec blogs called us thieves, cryptojackers, and even labeling our software as MALWARE!? I wish I could say these guys don't know what they're doing, but they clearly do. They're using scarcity tactics to boost clickthrough, and sell you their partners antivirus products. "Cryptojacking" just sounds scary, doesn't it? That's what we call clickbait, fellas. I mean, c'mon, seriously... Even if our software is abused by some of our users, by not informing their userbase that they're using their computers to help mine Monero, really? Using 10 cents per month of extra electricity is the new malware? A piece of software that stops running when you close the website? Malware? You know you're comparing us to software that private information such as banking details, pictures, and used to take down large websites/networks? That's cute.

The netsec industry has waged a war against this sort of technology, and they're doing quite well. People are scared of change, and most don't understand what it is we do. This is why we're going to be a lot more vocal from now on. You're going to hear both sides of the story, and it's your decision to chose what you believe.

Not only are we going to be more vocal, but we are ramping up our fight against antivirus companies by ensuring our scripts and domains are undetected by antivirus companies and adblockers. Firstly, we're not malware. Secondly, we're not an advertising network. We're an alternative to ads. We do not believe we should be blocked by AdBlockers or Antivirus. By a crypto-mining addon? Sure, that makes sense. That's the purpose of that software. Labeling Crypto-Loot as malware is simply ridiculous, even by clickbaity mainstream netsec blogs.

Crypto-Loot v2.0? What's that!?
We've been working on Crypto-Loot for nearly six months now, and it's been one heck of a time (both fun and stressful). Over the past couple months we've been working on one major update, Crypto-Loot v2.0

What does Crypto-Loot v2.0 have in store for us?
-Faster hashing script (updated today!)
-Completely new script with no external WASM (Google & Antivirus companies disliked external WASM files)
-Automatic Re-obfuscation to help avoid Antivirus and Adblocker detection
-SelfHosted v2.0 • Automatically update your selfhosted version of Crypto-Loot
-Automatic domain swapouts for the script(s), to also avoid antivirus and adblocker detection.
-Re-enabled automatic payouts (with advanced flagging). Payments are now made 12 times per day.
-Referral program. We were asked to create a referral program one too many times, so we finally took your advice and got it done.
-Support for integrated addresses (payments to exchanges via Payment IDs)
-More support to keep up with support tickets, emails, and social media
-Dashboard UI addons and bug fixes
-Simple code generator
-New website & logo
-Continued campaigns to voice our side of the fight against the NetSec industry

What's coming in Crypto-Loot v2.1-2.3?
-More API features
-Captcha system
-Faster hashrate tracking & balance compounding
-Add your own domain or subdomain for free script & websocket hosting
-Support in other languages

To Wrap things Up
That pretty much sums up everything for now. You're going to see us a lot more active on social media, and our support team is growing and being trained to support everyones functional, informational, and language based needs.

Crypto-Loot Support

“The true soldier fights not because he hates what is in front of him, but because he loves what is behind him.”

G.K. Chesterton

Like the post? Share it with others!

Follow us!