Thursday, November 30th 2017
Web Cryptocurrency Mining Evolves: Now Keeps Running After Closing Browser
Well, after users think they've closed their browsers, more specifically. Researchers form anti-malware provider Malwarebytes have discovered a new form of web-based cryptocurrency mining that has a stealth-like approach to running mining code, which might cause less attentive users' machines to keep mining even after their web browsers have been closed. This is done via an utterly simple method, really: upon opening a malicious web page that has been coded to make users' machines mine cryptocurrency, the web page opens a pop-up window that is minimized behind the Windows Taskbar's clock. It's ingeniously simple - but could be surprisingly hard to detect, and could mean that the mining process will actually keep on using CPU cycles and mining crypto indefinitely until the next system reboot.
In a blog post published Wednesday morning, Malwarebytes Lead Malware Intelligence Analyst Jérôme Segura wrote that "This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself. Closing the browser using the "X" is no longer sufficient." He then added a possible solution for the problem, writing that "The more technical users will want to run Task Manager to ensure there is no remnant running browser processes and terminate them. Alternatively, the taskbar will still show the browser's icon with slight highlighting, indicating that it is still running." Segura said the technique worked on the latest version of Chrome running on the latest versions of Windows 7 and Windows 10.
At the moment, there are no indications the hidden window trick is being deployed on other browsers or operating systems, but that's just the logical next step in this saga. Until then, maybe just keep your task manager at hand, and inform your less tech-savvy familiars of this issue. You can also take some additional steps to prevent these new kinds of web-based mining algorithms to sideblind you: a good option would be to have a resource monitor app open on the desktop (Rainmeter has many of these, but there are other more tech-oriented, motherboard and CPU-vendor specific solutions), and also to disable the "Combine Taskbar Buttons" on your OS. On Windows 10, right click the taskbar, open "Taskbar Settings", Choose the "Combine Taskbar Buttons" and change that from the default "Always, hide labels" to "Never".
Sources:
Malwarebytes Blog, via Ars Technica
At the moment, there are no indications the hidden window trick is being deployed on other browsers or operating systems, but that's just the logical next step in this saga. Until then, maybe just keep your task manager at hand, and inform your less tech-savvy familiars of this issue. You can also take some additional steps to prevent these new kinds of web-based mining algorithms to sideblind you: a good option would be to have a resource monitor app open on the desktop (Rainmeter has many of these, but there are other more tech-oriented, motherboard and CPU-vendor specific solutions), and also to disable the "Combine Taskbar Buttons" on your OS. On Windows 10, right click the taskbar, open "Taskbar Settings", Choose the "Combine Taskbar Buttons" and change that from the default "Always, hide labels" to "Never".
74 Comments on Web Cryptocurrency Mining Evolves: Now Keeps Running After Closing Browser
Easiest solution for non tech savy users :)Your belief in humanity is way too high.
:shadedshu:
Seems FAR better to me than being bombarded with adverts that pop up if you click anywhere on a page (a common practice today). Truth is, if you're visiting a page that has this software installed then you are using resources in some way shape or form.
I think you're either overreacting or misinformed if you have any issue with this. Someone needs to pay the bills at the end of the day!
It should be legal to kill with fire owners of websites that use this malware.
@TheinsanegamerN Re-read news, it’s designed to bypass all ad blockers.
This isn't illegal, heavily immoral, but not illegal. It is no more illegal than any other pop-up. Remember every big giant ad with 3D rendering will utilize gpu/cpu cycles and they also do it for profit, there are also ones that auto minimize or refuse to close.
Put you e-lawbook down.
Don't give humanity too much credit.Right now, it is either that or a pirate site. Those are really the only ones doing this type of thing...well, and the UFC.
Crap like this makes me pay more for electricity for example.
And I could use that for mining toy money myself, but someone else takes them?