Sneaky websites continue to mine cryptocurrency even after you close them
With the massive rise in popularity -- and value -- of cryptocurrencies such as Bitcoin, it's little wonder that people are seeking out ever more imaginative and sneaky ways to mine coins without having to invest in dedicated hardware.
Websites that mine for cryptocurrency in the background, making use of visitors' CPU time, are nothing new -- the Pirate Bay has been caught red-handed, for instance, using a Monero miner in the form of the Coinhive JavaScript Miner. But now researchers have discovered that some websites are using a drive-by mining technique that allows them to continue cryptomining even after the site is closed.
Researchers from security firm Malwarebytes discovered what they describe as "persistent drive-by cryptomining", which is likely to go completely unnoticed by the vast majority of people. In a blog post they explain that a pop-under is used to enable cryptomining to continue even after a visitor closes or navigates away from a site with an embedded cryptominer.
The reason the pop-under goes unnoticed is that it is very small and positioned almost off the screen -- nestling beneath the clock in the taskbar. In the blog post, Malwarebytes' Jérôme Segura says:
This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself. Closing the browser using the "X" is no longer sufficient. The more technical users will want to run Task Manager to ensure there are no remnant running browser processes and terminate them. Alternatively, the taskbar will still show the browser’s icon with slight highlighting, indicating that it is still running.
He goes on to say:
Nearly two months since Coinhive's inception, browser-based cryptomining remains highly popular, but for all the wrong reasons. Forced mining (no opt-in) is a bad practice, and any tricks like the one detailed in this blog are only going to erode any confidence some might have had in mining as an ad replacement. History shows us that trying to get rid of ads failed before, but only time will tell if this will be any different.
Unscrupulous website owners and miscreants alike will no doubt continue to seek ways to deliver drive-by mining, and users will try to fight back by downloading more adblockers, extensions, and other tools to protect themselves. If malvertising wasn't bad enough as is, now it has a new weapon that works on all platforms and browsers.