Thursday, November 30th 2017
Web Cryptocurrency Mining Evolves: Now Keeps Running After Closing Browser
Well, after users think they've closed their browsers, more specifically. Researchers form anti-malware provider Malwarebytes have discovered a new form of web-based cryptocurrency mining that has a stealth-like approach to running mining code, which might cause less attentive users' machines to keep mining even after their web browsers have been closed. This is done via an utterly simple method, really: upon opening a malicious web page that has been coded to make users' machines mine cryptocurrency, the web page opens a pop-up window that is minimized behind the Windows Taskbar's clock. It's ingeniously simple - but could be surprisingly hard to detect, and could mean that the mining process will actually keep on using CPU cycles and mining crypto indefinitely until the next system reboot.In a blog post published Wednesday morning, Malwarebytes Lead Malware Intelligence Analyst Jérôme Segura wrote that "This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself. Closing the browser using the "X" is no longer sufficient." He then added a possible solution for the problem, writing that "The more technical users will want to run Task Manager to ensure there is no remnant running browser processes and terminate them. Alternatively, the taskbar will still show the browser's icon with slight highlighting, indicating that it is still running." Segura said the technique worked on the latest version of Chrome running on the latest versions of Windows 7 and Windows 10.
At the moment, there are no indications the hidden window trick is being deployed on other browsers or operating systems, but that's just the logical next step in this saga. Until then, maybe just keep your task manager at hand, and inform your less tech-savvy familiars of this issue. You can also take some additional steps to prevent these new kinds of web-based mining algorithms to sideblind you: a good option would be to have a resource monitor app open on the desktop (Rainmeter has many of these, but there are other more tech-oriented, motherboard and CPU-vendor specific solutions), and also to disable the "Combine Taskbar Buttons" on your OS. On Windows 10, right click the taskbar, open "Taskbar Settings", Choose the "Combine Taskbar Buttons" and change that from the default "Always, hide labels" to "Never".
At the moment, there are no indications the hidden window trick is being deployed on other browsers or operating systems, but that's just the logical next step in this saga. Until then, maybe just keep your task manager at hand, and inform your less tech-savvy familiars of this issue. You can also take some additional steps to prevent these new kinds of web-based mining algorithms to sideblind you: a good option would be to have a resource monitor app open on the desktop (Rainmeter has many of these, but there are other more tech-oriented, motherboard and CPU-vendor specific solutions), and also to disable the "Combine Taskbar Buttons" on your OS. On Windows 10, right click the taskbar, open "Taskbar Settings", Choose the "Combine Taskbar Buttons" and change that from the default "Always, hide labels" to "Never".