Earlier this year, we told you that a few dodgy sites were surreptitiously running cryptocurrency miners in the background. By just directing your browser towards a certain site, your PC and your electricity would be used to earn money for other people. The Pirate Bay pulled this trick for a while, before enraged users digitally rioted.
Now some dodgy sites are making it so they continue to mine from your PC, even after you’ve closed your browser. Malwarebytes detailed how it works in a blog post, and it’s really quite sneaky.
Dodgy sites (in this case, a purveyor of pornography) load up scripts that open hidden pop-under windows which then hide under taskbars, mining cryptocurrency in the background. Cleverly, mining is throttled, as to not utilise your entire CPU, in an attempt to stay under the radar. It’s designed to bypass adblockers, meaning your fancy plugins probably won’t notice it.
If you’ve noticed your PC running a just a little more sluggish than usual, it’s possible you’ve visited a dodgy site and become victim to a bit of drive-by mining.
“This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself,” says Jérôme Segura, Malwarebytes’ Lead Malware Intelligence Analyst. “Closing the browser using the “X” is no longer sufficient.”
Thankfully, there are ways to mitigate this. While most adblockers and Antivirus programs won’t notice this behaviour, there are a few extensions like No Coin for Firefox and Chrome that stop mining scripts in their tracks.
Last Updated: November 30, 2017
Krabby Paddy
November 30, 2017 at 12:37
PC is mined blown.
Admiral Chief Silver Dragon
November 30, 2017 at 12:38
“drive-by mining.”
HAH
Ottokie
November 30, 2017 at 12:40
As long as the porn does not lag…
Admiral Chief Silver Dragon
November 30, 2017 at 12:41
Bere jou wors dan in jou broek, dan sal dit nie vir jou lag nie
RinceThis
November 30, 2017 at 12:45
Sneaky buggers
Lord Chaos
November 30, 2017 at 12:48
A pop-up(under) will still show as an active window on the taskbar though…
Admiral Chief Silver Dragon
November 30, 2017 at 12:49
Perhaps it runs as a schneaky process
Lord Chaos
November 30, 2017 at 12:54
Unless you physically download something a browser can’t kick off a background process
Admiral Chief Silver Dragon
November 30, 2017 at 12:59
Don’t clicky click the boobie boob
Lord Chaos
November 30, 2017 at 13:32
New meaning of running cookies on your browser 😛
Admiral Chief Silver Dragon
November 30, 2017 at 13:45
HAHAHAHA
Lord Chaos
November 30, 2017 at 14:37
One day I will be funny enough to get a featured comment 🙁
miaau
November 30, 2017 at 14:33
nice one!
HvR
November 30, 2017 at 17:26
https://youtu.be/K8nrF5aXPlQ?t=252
HvR
November 30, 2017 at 16:55
Wait wasn’t a certain browed CH reader always complaining that “Excel” was using all his new i5 CPU power?
HvR
November 30, 2017 at 16:57
Next money making idea, built in miner in a Mine blocking “No Coin” plugin
Milesh Bhana
December 1, 2017 at 20:28
My PC started getting a little sluggish. Pretty much exactly after it upgraded to Windows 10 Creator’s Update. Miner hiding in that dodgy Windows Update App too apparently.