December 5, 2017

Beware! A Few Websites Use Your CPU to Mine Cryptocurrency “Even After Exiting Browser Window”!

A few websites have discovered a new way to keep cryptocurrency-mining JavaScript running even after you close the browser window.


After the world’s most popular torrent website, ‘The Pirate Bay’, drew sharp criticism from its users for intentionally using visitors’ CPU power to generate cryptocurrency profits for itself, many other websites started using this technique as an alternative way to make money. The crypto-miner services these websites used could only mine cryptocurrency while you were on the site; once you closed the browser window they lost all access to your computer’s resources, which stopped the mining. However, this isn’t the case anymore.

Security researchers at the anti-malware provider Malwarebytes have discovered a clever crypto-mining scheme in which the cryptocurrency mining software keeps running in the background even after you have closed the offending browser window of the compromised website.

How does this Method Work?

According to Malwarebytes, the new method secretly opens a hidden pop-under browser window that hides behind the clock on the Microsoft Windows taskbar. That window continues to run the crypto-miner scripts, which generate cryptocurrency for the website owners using your computer’s CPU resources and power.


The pop-under window fits well behind the taskbar, and its coordinates vary with the user’s screen resolution. You can find its position as follows:

Horizontal position = ( current screen x resolution ) – 100
Vertical position = ( current screen y resolution ) – 40

Researchers say the technique is a lot harder to detect because these pop-under windows are cleverly hidden and can even bypass ad blockers.

Malwarebytes Lead Malware Intelligence Analyst Jérôme Segura said that “This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself. Closing the browser using the “X” is no longer sufficient. The more technical users will want to run Task Manager to ensure there is no remnant running browser processes and terminate them. Alternatively, the taskbar will still show the browser’s icon with slight highlighting, indicating that it is still running.”

The miners also limit their maximum CPU usage so that they remain unnoticed. The crypto-miner runs from a crypto-mining engine hosted by Amazon Web Servers.

How To Block Cryptocurrency Miners?

If you feel that your processor is taking much longer than usual to run things, open the taskbar, look for any browser windows and kill them, or just restart the system. If the taskbar is set to transparent, the pop-under can be seen. Even resizing the taskbar will reveal the hidden window.

More technical users will want to run Task Manager to ensure that no remnant browser processes are still running, and terminate any that are.

You can also use antivirus software to block the crypto-miner code. You can find more techniques for blocking cryptocurrency mining here.
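As an added example (not from Malwarebytes or the original article), the placement rule described above can be turned into a check for browser windows whose visible part sits entirely behind the taskbar. The window records, the browser process list and the 40-pixel bottom-docked taskbar are constructed assumptions; on a real system the rectangles would come from the operating system's window enumeration.

```python
from dataclasses import dataclass

# Assumed list of browser process names; extend for your environment.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}

@dataclass(frozen=True)
class Rect:
    left: int
    top: int
    right: int
    bottom: int

    def clip(self, other):
        """Intersection with another rectangle, or None if they do not overlap."""
        l, t = max(self.left, other.left), max(self.top, other.top)
        r, b = min(self.right, other.right), min(self.bottom, other.bottom)
        return Rect(l, t, r, b) if l < r and t < b else None

    def contains(self, other):
        return (self.left <= other.left and self.top <= other.top
                and self.right >= other.right and self.bottom >= other.bottom)

def hidden_popunders(windows, screen_w, screen_h, taskbar_h=40):
    """Flag browser windows placed per the article's formula, or whose
    on-screen part lies entirely behind a bottom-docked taskbar."""
    screen = Rect(0, 0, screen_w, screen_h)
    taskbar = Rect(0, screen_h - taskbar_h, screen_w, screen_h)
    hits = []
    for proc, title, rect in windows:
        if proc.lower() not in BROWSERS:
            continue
        at_formula = (rect.left, rect.top) == (screen_w - 100, screen_h - 40)
        visible = rect.clip(screen)
        if at_formula or (visible is not None and taskbar.contains(visible)):
            hits.append(title)
    return hits

# Constructed sample for a 1920x1080 desktop: (process, window title, rectangle).
SAMPLE = [
    ("chrome.exe", "News - Google Chrome", Rect(0, 0, 1920, 1040)),
    ("chrome.exe", "popunder-a", Rect(1820, 1040, 2120, 1340)),   # x=W-100, y=H-40
    ("chrome.exe", "popunder-b", Rect(1800, 1050, 2000, 1250)),   # off-formula, still hidden
    ("notepad.exe", "notes.txt", Rect(1820, 1040, 2120, 1340)),   # not a browser
]

if __name__ == "__main__":
    print(hidden_popunders(SAMPLE, 1920, 1080))  # ['popunder-a', 'popunder-b']
```

Any window it flags still needs confirming in Task Manager, as the article advises, since the check only looks at window geometry.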

According to Segura, the technique works with the latest version of Google Chrome on Windows 7 and Windows 10. As for other browsers and operating systems, the firm says “results may vary.”

