Noticed high CPU Usage after installing Honey (LTT Sponsor)

TDP_Equinox

During the WAN show this week there was a new sponsor, Honey (https://www.joinhoney.com/linus). 
I figured I'd give it a shot and installed it. 
That night, Malwarebytes popped up saying that it quarantined a cryptominer. I thought this was my Ethereum miner folder and promptly ignored it.
The next day (today) I noticed that YouTube was choppy at 1.5x speed. I checked Task Manager, and Chrome was using 50% of my 4790K. I restarted, same thing. Malwarebytes again popped up warning me of a cryptominer.
 

So I removed the Honey Extension and usage went back down to 0% immediately. 

 

Reinstall Honey; usage back to 50% and Malwarebytes freaks out right away.

 

Perhaps LTT should look into this sponsor and consider dropping them. You guys are generally pretty good at making sure your sponsors are reputable, and I can understand that things get missed; but I hope that someone sees this ( @nicklmg ) and looks into it. 

Addition: Installed at 10:30 PM, Malwarebytes didn't react until 3AM and symptoms were not noticed until around the same time. The second install, however, spikes CPU usage immediately.
Malwarebytes scan results:  

 

Addition 2: It appears the site no longer affects GPU usage, and installing the extension no longer gets flagged as a crypto miner/affects CPU usage from what I can see. 
There doesn't appear to be any statement from Honey, so I can only assume that they dealt with the issue quietly and hoped no one noticed. 
I won't continue using the extension, but it may be relatively safe now. 

051e9deb2de5e8147024ec922f89816c.png

 

Spoiler

I7 4790K @4.5 Ghz 1.294V

VALIDATION, MSI Z97 Gaming 7, 24GB DDR3 1600, Asus Strix 1070 8GB OC@ 2.2Ghz, Corsair graphite series 760T (Black), Cooler master V850, NH-D15 w/LNA ,1TB Samsung 850 Evo,  480GB Sandisk Ultra II SSD, 3TB Seagate Barracuda x 3, 1 TB WD Passport (Backup drive), 2 TB WD Passport (Backup Drive 2),  Windows 10 Pro x64 (uhg), Logitech G900 Chaos (Main), Steelseries Rival (FADE) (Courtesy of Edzel Yago, Thanks Ed), Steelsieres Rival 300 Hyperbeast Special Edition, Coolermaster Quickfire TKL (MX Blue), Razer Blackwidow Tournament edition (Greens).  Audio: Sennheiser HD598 SE, Edifier S1000DB, AudioEngine D1 DAC; Yamaha MG06X Mixer & AudioTechnica AT2020.

 

Phones; Daily drivers: Nexus 6P 64GB/iPhone 6 (Music), Apple Watch, Apple AirPods.

Laptop: 2015 Macbook Pro 13, 8GB of RAM, 2.7Ghz i5, 240GB Apple SSD. 

 

Spoiler

Plex Server: i7 3770, Gigabyte Board, 16GB DDR3 1600, Asus Strix GTX 1050ti 4GB, 120GB SSD Boot Drive, 8 x 3TB Seagate Barracuda, Rosewill RSV-R4000 With 2 Rosewill Hot Swap 4x Backplane Bays, 1050 Watt Corsair HX Series PSU,Hyper T2, Windows 10 Pro 

 

I also do Youtube, check me out!


1 minute ago, LinusTech said:

Will be looking into this immediately.

Thanks!

 


Wow, I tried the link you posted and got this

 

Capture.PNG

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


1 minute ago, Ryan_Vickers said:

Wow, I tried the link you posted and got this

 

Capture.PNG

Same response from Google as Ryan. Good job for reporting this @TDP_Equinox (:


I think their website has a miner embedded as well, I noticed a very obvious spike in GPU usage from FF.

 

Scratch that, FF was being fucky and reporting high GPU usage when another application was running unrelated to this.

Original statement stands, I guess.

[Out-of-date] Want to learn how to make your own custom Windows 10 image?

 

Desktop: AMD R9 3900X | ASUS ROG Strix X570-F | Radeon RX 5700 XT | EVGA GTX 1080 SC | 32GB Trident Z Neo 3600MHz | 1TB 970 EVO | 256GB 840 EVO | 960GB Corsair Force LE | EVGA G2 850W | Phanteks P400S

Laptop: Intel M-5Y10c | Intel HD Graphics | 8GB RAM | 250GB Micron SSD | Asus UX305FA

Server 01: Intel Xeon D 1541 | ASRock Rack D1541D4I-2L2T | 32GB Hynix ECC DDR4 | 4x8TB Western Digital HDDs | 32TB Raw 16TB Usable

Server 02: Intel i7 7700K | Gigabye Z170N Gaming5 | 16GB Trident Z 3200MHz


Either this new sponsor is shady af, or they just coincidentally got hacked in the last few days. I think it could be the latter. For one thing, I'd imagine LTT looks into their sponsors before advertising for them. Second, let's pretend you had just hacked them but they didn't know about it yet. You would see emails and know they're about to be on WAN show, so what do you do? Sit back and do nothing until the link goes live then deploy your shit to hit the most people. If you just did it as soon as you could, you could be found out and cleaned up beforehand and miss a big opportunity. Considering what they do (it's a browser extension that finds and applies coupons for online shopping automatically, so it would have access to all your most sensitive info), that scenario is truly terrifying.


I just checked this myself but couldn't replicate it, maybe it was a temporary version with a miner injected into it? MBAM scan comes out as clean on my PC with the extension installed.

My rigs:

Spoiler

NEW Ryzinator build:

CPU: AMD - Ryzen 9 3950X 8-Core Processor

Motherboard: Asus - PRIME X370-PRO ATX AM4

RAM: Corsair - Vengeance LPX 32GB (2 x 16GB) DDR4-2666 @ DDR4-3066

Storage: (3x) Samsung - 850 EVO-Series 500GB 2.5", Samsung - 960 EVO 250GB M.2-2280

PSU: Seasonic Prime TX-750

OS: Microsoft - Windows 10 Pro 64-bit

Additional fan: Noctua - NF-A14 PWM 82.5 CFM 140mm Fan

Case: Fractal Design - Define R5 (Black) ATX Mid Tower Case

GPU: ASUS Radeon RX 580 Dual OC 4GB

Display: MSI 27L Optix MAG272QP @ 165Hz

 

OLD Build (SOLD):

CPU: AMD FX-6100 Motherboard: ASRock 960GM/U3S3 FX (VRM overheating, don't buy) RAM: 8GB Kingston ValueRAM GPU: Onboard ATI Radeon 3000 Graphics Case: Corsair Obsidian 500D Storage: Hitachi HDS721010CLA332 1TB, 119GB SAMSUNG MMCRE28G5MXP-0VBH1 (SSD), 465GB Western Digital WDC WD5000AZRX-00L4HB0 (SATA)  PSU: Be quiet! - Straight Power 10 400 Watt Cooling: Cooler Master Hyper 212 EVO OS: Windows 10 Pro x64 

 

Retro gaming build:

CPU: Intel Pentium 3 Coppermine @ 800MHz Motherboard: Asus P2B i440BX BIOS 1012 FSB: 133 MHz RAM: 1x 128MB Hynix PC133 SDR SDRAM GPU: ATi Radeon 9200 256MB AGP Case: Full Tower case (unbranded) Storage: CompactFlash card to IDE converter (16GB card) Sound Card: Aztech 2320 ISA Cooling: Stock heatsink fan OS: Windows 98 Second Edition


I might have been wrong, edited post.


1 minute ago, Ryan_Vickers said:

Either this new sponsor is shady af, or they just coincidentally got hacked in the last few days. I think it could be the latter. For one thing, I'd imagine LTT looks into their sponsors before advertising for them. Second, let's pretend you had just hacked them but they didn't know about it yet. You would see emails and know they're about to be on WAN show, so what do you do? Sit back and do nothing until the link goes live then deploy your shit to hit the most people. If you just did it as soon as you could, you could be found out and cleaned up beforehand and miss a big opportunity. Considering what they do (it's a browser extension that finds and applies coupons for online shopping automatically, so it would have access to all your most sensitive info), that scenario is truly terrifying.

To be fair, they could have just paid for sponsorship to get people using it first and then released the malware afterwards.

I wouldn't be surprised, considering it is free and just gets people discount codes.

Never trusted any of this kind of stuff myself.

NEW PC build: Blank Heaven   minimalist white and black PC     Old S340 build log "White Heaven"        The "LIGHTCANON" flashlight build log        Project AntiRoll (prototype)        Custom speaker project

Spoiler

Ryzen 3950X | AMD Vega Frontier Edition | ASUS X570 Pro WS | Corsair Vengeance LPX 64GB | NZXT H500 | Seasonic Prime Fanless TX-700 | Custom loop | Coolermaster SK630 White | Logitech MX Master 2S | Samsung 980 Pro 1TB + 970 Pro 512GB | Samsung 58" 4k TV | Scarlett 2i4 | 2x AT2020

 


Just now, Enderman said:

To be fair, they could have just paid for sponsorship to get people using it first and then released the malware afterwards.

I wouldn't be surprised, considering it is free and just gets people discount codes.

Never trusted any of this kind of stuff myself.

Well, yeah that is the first option I suggested :P but in a way that would excuse LTT


3 minutes ago, Ryan_Vickers said:

Either this new sponsor is shady af, or they just coincidentally got hacked in the last few days. I think it could be the latter. For one thing, I'd imagine LTT looks into their sponsors before advertising for them. Second, let's pretend you had just hacked them but they didn't know about it yet. You would see emails and know they're about to be on WAN show, so what do you do? Sit back and do nothing until the link goes live then deploy your shit to hit the most people. If you just did it as soon as you could, you could be found out and cleaned up beforehand and miss a big opportunity. Considering what they do (it's a browser extension that finds and applies coupons for online shopping automatically, so it would have access to all your most sensitive info), that scenario is truly terrifying.

I have 100% faith that LTT looks into their sponsors; and I have no doubt that it passed their vetting process at the time. Just wanted to point this out for obvious reasons. 

 


Just now, TDP_Equinox said:

I have 100% faith that LTT looks into their sponsors; and I have no doubt that it passed their vetting process at the time. Just wanted to point this out for obvious reasons. 

Well, to be fair, it's probably not something they would even think to look for. It should be illegal to use your site's visitors' computers to mine without any kind of authorization or acknowledgement. Will be interesting to see the outcome of this.

🌲🌲🌲

 

 

 

◒ ◒ 


Hopefully it is a 'the site got hacked' situation rather than a scam situation. Either way, given his quick observance, I'm sure they are already investigating what is going on so they can make a decision on how to proceed.

https://linustechtips.com/main/topic/631048-psu-tier-list-updated/ Tier Breakdown (My understanding)--1 Godly, 2 Great, 3 Good, 4 Average, 5 Meh, 6 Bad, 7 Awful

 


1 minute ago, Ryan_Vickers said:

Well, yeah that is the first option I suggested :P but in a way that would excuse LTT

Also, same thing for me, going to the website uses a massive 25% GPU continuously which no other site does.

Other normal websites are sitting at like 1% usage and sometimes jump up to 5-10% when scrolling.


4 minutes ago, Enderman said:

Also, same thing for me, going to the website uses a massive 25% GPU continuously which no other site does.

Other normal websites are sitting at like 1% usage and sometimes jump up to 5-10% when scrolling.

Yeah, I got a malware extension block on it with uBlock Origin. There is an issue of some sort, and the crypto miners fall under that category, so @DeadEyePsycho I think you no longer need that edit.


1 minute ago, AresKrieger said:

Yeah, I got a malware extension block on it with uBlock Origin. There is an issue of some sort, and the crypto miners fall under that category, so @DeadEyePsycho I think you no longer need that edit.

My Chrome uBlock Origin extension didn't block anything. Did you go to a separate page or just the website home page?


12 minutes ago, Enderman said:

My Chrome uBlock Origin extension didn't block anything. Did you go to a separate page or just the website home page?

Oh, I appear to have JavaScript disabled xD. The thing it blocked is in my custom list, which is generally malware or redirects, but this appears to be some sort of analytics or tracker.

@Enderman Yeah, I turned JavaScript back on and got spikes of up to 32% load; normal is far lower than that.

image.png.5d24942784fcb06101ef9f089184e410.png

 

I'd recommend anyone who doesn't have ample protection (sandbox tools and extensive malware protection) and / or a backup to avoid the site for now


Your link brings up the warning (and leads back to the video); the link under the video, however, doesn't. Don't know what's going on there.

"We also blind small animals with cosmetics.
We do not sell cosmetics. We just blind animals."

 

"Please don't mistake us for Equifax. Those fuckers are evil"

 

This PSA brought to you by Equifacks.
PMSL


18 minutes ago, Dabombinable said:

Your link brings up the warning (and leads back to the video); the link under the video, however, doesn't. Don't know what's going on there.

Because if you hover the link, it's a redirect using Youtube as an intermediate.

https://www.youtube.com/redirect?v=JnZM9VY86_w&event=video_description&redir_token=J9zHTHJAIoE3Ib9zStXl7gu9c2d8MTUxMzAzNTU5NEAxNTEyOTQ5MTk0&q=https%3A%2F%2Fwww.joinhoney.com%2Flinus

 

I think this is their new policy for links being linked in video descriptions that are outside of Youtube.

 

If you go on the website directly, it does nothing.

https://www.joinhoney.com/linus

CPU: AMD Ryzen 3700x / GPU: Asus Radeon RX 6750XT OC 12GB / RAM: Corsair Vengeance LPX 2x8GB DDR4-3200
MOBO: MSI B450m Gaming Plus / NVME: Corsair MP510 240GB / Case: TT Core v21 / PSU: Seasonic 750W / OS: Win 10 Pro
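
The unwrapping described in the post above, as an added example that is not part of the original thread: it pulls out the destination that a YouTube redirect link carries in its `q` parameter, so the wrapped link and the direct link can be compared before either is opened. The `REDIRECTORS` table and the function names are assumptions made for this example; only the YouTube entry and the sample URLs come from the thread.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption for this example: known redirector endpoints mapped to the query
# parameter that holds the real destination. Only the YouTube entry is taken
# from the thread; add other wrappers as you meet them.
REDIRECTORS = {
    ("www.youtube.com", "/redirect"): "q",
}

# Both links as posted in the thread.
WRAPPED = ("https://www.youtube.com/redirect?v=JnZM9VY86_w&event=video_description"
           "&redir_token=J9zHTHJAIoE3Ib9zStXl7gu9c2d8MTUxMzAzNTU5NEAxNTEyOTQ5MTk0"
           "&q=https%3A%2F%2Fwww.joinhoney.com%2Flinus")
DIRECT = "https://www.joinhoney.com/linus"


def unwrap(url, max_hops=5):
    """Return the chain of URLs from the wrapper down to the final destination.

    Works purely on the URL text; no network request is made. max_hops bounds
    nested wrappers (a redirector pointing at another redirector).
    """
    chain = [url]
    for _ in range(max_hops):
        parts = urlsplit(chain[-1])
        key = ((parts.hostname or "").lower(), parts.path)
        param = REDIRECTORS.get(key)
        if param is None:
            break  # not a known redirector: this is the destination
        targets = parse_qs(parts.query).get(param)  # parse_qs percent-decodes
        if not targets:
            break  # wrapper without a destination parameter
        chain.append(targets[0])
    return chain


def final_host(url):
    """Host the link really leads to, or None if it is not an http(s) URL."""
    dest = urlsplit(unwrap(url)[-1])
    if dest.scheme not in ("http", "https"):
        return None
    return dest.hostname


def same_destination(a, b):
    """True when two links end at the same URL once wrappers are removed."""
    return unwrap(a)[-1] == unwrap(b)[-1]


if __name__ == "__main__":
    for hop in unwrap(WRAPPED):
        print(hop)
    print("same destination:", same_destination(WRAPPED, DIRECT))
```

Both links in the thread unwrap to the same destination, so the difference the posters saw comes from the intermediate redirect page, not from a different target.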


Used it before (months ago). Didn't notice any slowdowns (what u can consider one on 2 core laptop i5 :D)


My CPU usage hasn't changed any. Can't attest to what happens when you visit the site; I have JavaScript disabled, so it sounds like it would block it.

Intel i7-7700k @ 5.1ghz | Asus ROG Maximus Hero IX | Asus ROG Poseidon Platinum 1080ti @ 2126mhz | 64gb Trident-Z DDR4 @ 3600mhz | Samsung 960 Pro 1tb @ 3500mbps/2500mbps | Crucial 240gb SSD | Toshiba 4tb 7200rpm HDD w/ Crucial 128gb SSD cache | Corsair Hx1000i PSU | EK 360mm Coolstream XE Radiator | EK-Supremacy Evo Waterblock | EK-DDC 3.2 PWM Elite Edition Pump | EK-RES X3 150 RGB Reservoir | Primochill AdvancedLRT Clear Tubing | Primochill VUE UV Blue Coolant | Corsair 570x Crystal RGB Case | 4x 30cm CableMod UV/RGB Widebeam Hybrid Led Strip | 3x 120mm Corsair SP120 RGB Fans | 3x Noctua NF-A14 iPPC 3000rpm Fans | 3x Noctua NF-A12x15 Fan | CableMod ModFlex PSU & SATA Cables | Asus ROG Swift 27" 4k IPS w/G-Sync & LG UD68 27" 4k IPS w/Freesync |
