Block Coinminers with Little Snitch and CoinblockerList on Mac
if you are an OSX Little Snitch user you can use freely available CoinBlockerLists to block large portion of JavaScript based Coinminers like coinhive etc.
Did your computer fans suddenly start to go all ballistic on you while browsing the internet? Did it start performing very slow? Well, you probably surfed to a website hosting a malicious JavaScript Coinminer like hxxp://intelliadmin[.]com.
If you don’t like evasive little java scripts running on your computer here is a short guide on how to use Little Snitch and CoinBlockerList to prevent Coinminers from consuming all of your Mac CPU power.
Thanks to the great work of @hobbygrafix sharing and updating his collection of Coinminers related domains with the community, we can easily download this list and create custom firewall rules to block any outgoing communication going to known Coinminers domains.
So first go to CoinBlockerList website at and download the latest package as either .zip or .tar.gz, depending on your preference.
You can also find the core list on github.
Once the package has downloaded, extract the files and open the list.txt and copy the domain list to your clipboard.
Now open Little Snitch’s configurations. This is done by clicking the Little Snitch icon in the OSX menu bar and, depending on the version in use, selecting “Little Snitch Configuration…” or “Rules…”.
Create a new rule by, depending on the version in use, clicking on the + sign or clicking “New”:
Once the rule creation view opens, chose the following configurations for the rule:
-
any running process
-
Block outgoing connection
-
To: Hostnames
-
Pick “Any” for both port and protocol.
Now paste the copied domain list into the hostname text box It should look like the picture below:
Now click on Create Rule.
Next time when your next-door website decides to run Coinminer on your browser, Little Snitch will block it.
@hobbygrafix keeps updating the list all the time, so please follow for any changes. You can edit the rule any time and just replace the list.
Since it’s a significant security threat, sadly (or happily), Little Snitch does not provide an API to automate this process.
That’s it, hope it helps and big kudos to @bad_packets, @hobbygrafix and rest of the community for your hard work.
Each blocked Coinminer is another tree saved in the Amazons or ice not melting in Antartica.