Earlier this year, we told you that a few dodgy sites were surreptitiously running cryptocurrency miners in the background. By just directing your browser towards a certain site, your PC and your electricity would be used to earn money for other people. The Pirate Bay pulled this trick for a while, before enraged users digitally rioted.
Now some dodgy sites have found a way to keep mining on your PC, even after you’ve closed your browser. Malwarebytes detailed how it works in a blog post, and it’s really quite sneaky.
Dodgy sites (in this case, a purveyor of pornography) load scripts that open pop-under windows, which then hide under the taskbar and mine cryptocurrency in the background. Cleverly, the mining is throttled so as not to utilise your entire CPU, in an attempt to stay under the radar. It’s designed to bypass adblockers, meaning your fancy plugins probably won’t notice it.
If you’ve noticed your PC running just a little more sluggishly than usual, it’s possible you’ve visited a dodgy site and become a victim of a bit of drive-by mining.
“This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself,” says Jérôme Segura, Malwarebytes’ Lead Malware Intelligence Analyst. “Closing the browser using the “X” is no longer sufficient.”
Thankfully, there are ways to mitigate this. While most adblockers and antivirus programs won’t notice this behaviour, there are a few extensions, like No Coin for Firefox and Chrome, that stop mining scripts in their tracks.
Last Updated: November 30, 2017