Dodgy sites continue mining cryptocurrency even after you close your browser

2 min read


Earlier this year, we told you that a few dodgy sites were surreptitiously running cryptocurrency miners in the background. By just directing your browser towards a certain site, your PC and your electricity would be used to earn money for other people. The Pirate Bay pulled this trick for a while, before enraged users digitally rioted.

Now some dodgy sites are making it so they continue to mine from your PC, even after you’ve closed your browser. Malwarebytes detailed how it works in a blog post, and it’s really quite sneaky.

Dodgy sites (in this case, a purveyor of pornography) load up scripts that open hidden pop-under windows which then hide under taskbars, mining cryptocurrency in the background. Cleverly, mining is throttled, as to not utilise your entire CPU, in an attempt to stay under the radar. It’s designed to bypass adblockers, meaning your fancy plugins probably won’t notice it.

If you’ve noticed your PC running a just a little more sluggish than usual, it’s possible you’ve visited a dodgy site and become victim to a bit of drive-by mining.

“This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself,” says Jérôme Segura, Malwarebytes’ Lead Malware Intelligence Analyst. “Closing the browser using the “X” is no longer sufficient.”

Thankfully, there are ways to mitigate this. While most adblockers and Antivirus programs won’t notice this behaviour, there are a few extensions like No Coin for Firefox and Chrome that stop mining scripts in their tracks.

Read  Steam is killing Bitcoin as a payment option

Last Updated: November 30, 2017

Geoffrey Tim

Editor. I’m old, grumpy and more than just a little cynical. One day, I found myself in possession of a NES, and a copy of Super Mario Bros 3. It was that game that made me realise that games were more than just toys to idly while away time – they were capable of being masterpieces. I’m here now, looking for more of those masterpieces.

  • MonsterCheddar

    Anything for a buck these days.

  • Krabby Paddy

    PC is mined blown.

  • Admiral Chief Silver Dragon

    “drive-by mining.”

  • As long as the porn does not lag…

    • Admiral Chief Silver Dragon

      Bere jou wors dan in jou broek, dan sal dit nie vir jou lag nie

  • Sneaky buggers

  • Lord Chaos

    A pop-up(under) will still show as an active window on the taskbar though…

    • Admiral Chief Silver Dragon

      Perhaps it runs as a schneaky process

      • Lord Chaos

        Unless you physically download something a browser can’t kick off a background process

        • Admiral Chief Silver Dragon

          Don’t clicky click the boobie boob

          • Lord Chaos

            New meaning of running cookies on your browser 😛

          • Admiral Chief Silver Dragon


          • Lord Chaos

            One day I will be funny enough to get a featured comment 🙁

          • miaau

            nice one!

          • HvR
  • HvR

    Wait wasn’t a certain browed CH reader always complaining that “Excel” was using all his new i5 CPU power?

  • HvR

    Next money making idea, built in miner in a Mine blocking “No Coin” plugin

  • Milesh Bhana

    My PC started getting a little sluggish. Pretty much exactly after it upgraded to Windows 10 Creator’s Update. Miner hiding in that dodgy Windows Update App too apparently.

Check Also

Bitcoin mining pool Nicehash hacked, over $65 million stolen

The easiest way to mine Bitcoin just became severely compromised, as mining pool Nicehash …