Thursday, November 30th 2017

Web Cryptocurrency Mining Evolves: Now Keeps Running After Closing Browser

Well, after users think they've closed their browsers, more specifically. Researchers form anti-malware provider Malwarebytes have discovered a new form of web-based cryptocurrency mining that has a stealth-like approach to running mining code, which might cause less attentive users' machines to keep mining even after their web browsers have been closed. This is done via an utterly simple method, really: upon opening a malicious web page that has been coded to make users' machines mine cryptocurrency, the web page opens a pop-up window that is minimized behind the Windows Taskbar's clock. It's ingeniously simple - but could be surprisingly hard to detect, and could mean that the mining process will actually keep on using CPU cycles and mining crypto indefinitely until the next system reboot.

In a blog post published Wednesday morning, Malwarebytes Lead Malware Intelligence Analyst Jérôme Segura wrote that "This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself. Closing the browser using the "X" is no longer sufficient." He then added a possible solution for the problem, writing that "The more technical users will want to run Task Manager to ensure there is no remnant running browser processes and terminate them. Alternatively, the taskbar will still show the browser's icon with slight highlighting, indicating that it is still running." Segura said the technique worked on the latest version of Chrome running on the latest versions of Windows 7 and Windows 10.

At the moment, there are no indications the hidden window trick is being deployed on other browsers or operating systems, but that's just the logical next step in this saga. Until then, maybe just keep your task manager at hand, and inform your less tech-savvy familiars of this issue. You can also take some additional steps to prevent these new kinds of web-based mining algorithms to sideblind you: a good option would be to have a resource monitor app open on the desktop (Rainmeter has many of these, but there are other more tech-oriented, motherboard and CPU-vendor specific solutions), and also to disable the "Combine Taskbar Buttons" on your OS. On Windows 10, right click the taskbar, open "Taskbar Settings", Choose the "Combine Taskbar Buttons" and change that from the default "Always, hide labels" to "Never".

Sources: Malwarebytes Blog, via Ars Technica
Add your own comment

74 Comments on Web Cryptocurrency Mining Evolves: Now Keeps Running After Closing Browser

#1
9700 Pro
Oh, great. I don't mine toy money myself and now someone is using my PC's resources without my permission, even when my browser is closed.
Posted on Reply
#2
RejZoR
Erm, shouldn't there be a main taskbar button still visible? No matter how much you minimize and hide the actual window, taskbar button should still be there and a clear indicator something is still open when it shouldn't be...
Posted on Reply
#3
gdallsk
RejZoR said:
Erm, shouldn't there be a main taskbar button still visible? No matter how much you minimize and hide the actual window, taskbar button should still be there and a clear indicator something is still open when it shouldn't be...
Alternatively, the taskbar will still show the browser's icon with slight highlighting, indicating that it is still running.
It does.
Posted on Reply
#4
RejZoR
So, what's the problem then? You have to be kinda stupid to not realize something isn't right if there is button stuck in a taskbar but no window is visible. Even total computer newbs get that imo.
Posted on Reply
#5
FYFI13
[IMG]https://fthmb.tqn.com/WXDVAsus8w5vSUYzomJURTxg3nM=/768x0/filters:no_upscale()/cpumetergadget-580711ca5f9b5805c20b4a51.jpg[/IMG]
Easiest solution for non tech savy users :)

RejZoR said:
So, what's the problem then? You have to be kinda stupid to not realize something isn't right if there is button stuck in a taskbar but no window is visible. Even total computer newbs get that imo.
Your belief in humanity is way too high.
Posted on Reply
#6
Raevenlord
News Editor
RejZoR said:
So, what's the problem then? You have to be kinda stupid to not realize something isn't right if there is button stuck in a taskbar but no window is visible. Even total computer newbs get that imo.
FYFI13 said:
Your belief in humanity is way too high.
Posted on Reply
#7
seronx
Is no one going to mention the porn?

:shadedshu:
Posted on Reply
#8
HopelesslyFaithful
this is blatantly illegal and constitutes as theft and the people who run this should be charged with theft and imprisoned. PERIOD
Posted on Reply
#9
_JP_
Okay, so this is something I feared... :mad:
Posted on Reply
#10
Exceededgoku
HopelesslyFaithful said:
this is blatantly illegal and constitutes as theft and the people who run this should be charged with theft and imprisoned. PERIOD
Other than the clickbait title, this doesn't seem very innovative... I, again, don't see any problem with this approach for supporting a websites' content.

Seems FAR better to me than being bombarded with adverts that pop up if you click anywhere on a page (a common practice today). Truth is, if you're visiting a page that has this software installed then you are using resources in some way shape or form.

I think you're either overreacting or misinformed if you have any issue with this. Someone needs to pay the bills at the end of the day!
Posted on Reply
#11
HTC
Does this also affect linux users or is it windows only?
Posted on Reply
#12
TheinsanegamerN
And yet another reason to use ublock.
HopelesslyFaithful said:
this is blatantly illegal and constitutes as theft and the people who run this should be charged with theft and imprisoned. PERIOD
What law is it breaking?
Posted on Reply
#13
FYFI13
@Exceededgoku 100% CPU usage is NOT ok in many cases. Reading news, CPU load goes to max, barely can scroll through web page. Close web browser, trying to play some movie but it stutters as hell. Some users would simply kill browser processes, sure. What about less experienced people? Restart PC each time you open web browser?
It should be legal to kill with fire owners of websites that use this malware.

@TheinsanegamerN Re-read news, it’s designed to bypass all ad blockers.
Posted on Reply
#14
Upgrayedd
Illegal af. Can't just willy nilly go and start remotely using peoples PC's to your own benefit. Has to be some consent. If that consent is just simply visiting the site then its fukd and something needs fixin.
Posted on Reply
#15
cdawall
where the hell are my stars
Upgrayedd said:
Illegal af. Can't just willy nilly go and start remotely using peoples PC's to your own benefit. Has to be some consent. If that consent is just simply visiting the site then its fukd and something needs fixin.
Did you go to their web page? Did you use their resources?

This isn't illegal, heavily immoral, but not illegal. It is no more illegal than any other pop-up. Remember every big giant ad with 3D rendering will utilize gpu/cpu cycles and they also do it for profit, there are also ones that auto minimize or refuse to close.

Put you e-lawbook down.
Posted on Reply
#16
Prima.Vera
Yourporn.com ?? I thought this was a safe site ;)
Posted on Reply
#17
newtekie1
Semi-Retired Folder
RejZoR said:
So, what's the problem then? You have to be kinda stupid to not realize something isn't right if there is button stuck in a taskbar but no window is visible. Even total computer newbs get that imo.
I literally had a customer bring their laptop in last week because Chrome wasn't opening. They'd click on the button and nothing was open. It was opening but they had some how dragged Chrome almost completely off the screen, so only a little tiny corner of the windows was showing in the bottom right of the screen.

Don't give humanity too much credit.

Prima.Vera said:
Yourporn.com ?? I thought this was a safe site ;)
Right now, it is either that or a pirate site. Those are really the only ones doing this type of thing...well, and the UFC.
Posted on Reply
#18
RejZoR
Porn sites used to actually be the most secure webpages in general. Maybe they still are, but they'll load them with this crap.
Posted on Reply
#19
9700 Pro
TheinsanegamerN said:
What law is it breaking?
I'd call it stealing at least.

Crap like this makes me pay more for electricity for example.
Posted on Reply
#20
cdawall
where the hell are my stars
9700 Pro said:
I'd call it stealing at least.

Crap like this makes me pay more for electricity for example.
Why? When you get a 3D ad open it pulls more power. They do the same thing for minimizing and what not yet that has been ok for decades.
Posted on Reply
#21
Chaitanya
Exceededgoku said:
Other than the clickbait title, this doesn't seem very innovative... I, again, don't see any problem with this approach for supporting a websites' content.

Seems FAR better to me than being bombarded with adverts that pop up if you click anywhere on a page (a common practice today). Truth is, if you're visiting a page that has this software installed then you are using resources in some way shape or form.

I think you're either overreacting or misinformed if you have any issue with this. Someone needs to pay the bills at the end of the day!
I would have agreed with you if the scripts stopped once user had left the website. continuing to run scripts in background when the user has left the website is highly immoral and exploiting user's resources maybe borderline extortion.
Posted on Reply
#22
9700 Pro
cdawall said:
Why? When you get a 3D ad open it pulls more power. They do the same thing for minimizing and what not yet that has been ok for decades.
But.. I'm pretty sure that it doesn't pull that much out from my PC as a toy money miner..? o_O

And I could use that for mining toy money myself, but someone else takes them?
Posted on Reply
#23
cdawall
where the hell are my stars
9700 Pro said:
But.. I'm pretty sure that it doesn't pull that much out from my PC as a toy money miner..? o_O

And I could use that for mining toy money myself, but someone else takes them?
CPU+GPU load wattage for running 3D will be higher than a CPU running under load. You do know that GPU's are drawing a good bit more than CPU's for the most part right now right? Heck it is why Google Chrome uses battery life faster than edge right now.
Posted on Reply
#24
9700 Pro
cdawall said:
CPU+GPU load wattage for running 3D will be higher than a CPU running under load. You do know that GPU's are drawing a good bit more than CPU's for the most part right now right? Heck it is why Google Chrome uses battery life faster than edge right now.
Yea I know, and my GTX 980 is OV'd and OC'd. But still I consider that as stealing.
Posted on Reply
#25
newtekie1
Semi-Retired Folder
RejZoR said:
Porn sites used to actually be the most secure webpages in general. Maybe they still are, but they'll load them with this crap.
That was back in the day when people paid for online porn. The free sites have to make money other ways, and loading your computer with garbage apparently pays the bills.
Posted on Reply
Add your own comment