Websites Use Your CPU to Mine Cryptocurrency Even When You Close Your Browser

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
Researchers have discovered a new technique that lets hackers and unscrupulous websites perform in-browser, drive-by cryptomining even after a user has closed the window for the offending site. According to Malwarebytes, it works by opening a pop-under window that fits behind the Microsoft Windows taskbar and hides behind the clock.

This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself. Closing the browser using the “X” is no longer sufficient. The more technical users will want to run Task Manager to ensure there is no remnant running browser processes and terminate them. Alternatively, the taskbar will still show the browser’s icon with slight highlighting, indicating that it is still running.
 
gxp500 said:
The headline isn't exactly true because the browser is still open, you'll see the tab open at the bottom, is clever though. Gotta drive these fuckers some credit.
Click to expand...


That's just what i was going to say. This is like when steam thinks i've played Warframe for 20,000 hours just because the launcher was open and minimized.
 
I wouldn't mind giving part of my CPU to the sites that are creating nice content, but all these sites send all 32 cores immediately to 100% and that's a bit much. You can't even read their own site properly because the high CPU usage chokes the browser. So, sorry, but I'm just closing them when they do that. So I guess every grandma is going to have to finally learn to shift+right-click now.
 
My Eset antivirus identifies at least some of these and blocks them. I'm happy for that.
 
RogueTadhg said:
new "Free to Play" way of making money - Mining cryptocurrency.
Click to expand...

I want to say that it's been done with some mobile games, but I'm not too sure.

It'd be tricky. You could use the GPU with a game miner (which is way more efficient), but you'd have to carefully balance art direction to keep it so the game isn't taxing on it. You'd also have to build the game around aspects where the player would want to keep it running (e.g. to build resources, in-game credit, etc.), while also being addicting so the player doesn't want to quit.


lironmiron said:
I wouldn't mind giving part of my CPU to the sites that are creating nice content, but all these sites send all 32 cores immediately to 100% and that's a bit much.
Click to expand...

I know right? And CNN doesn't even have a miner, it's just programmed that badly.

I jest, but seriously, that website is a shitshow on what not to do in development. I ran the inspector a while back on it and I think the total download was 40megs for the home page. There's like 100 JavaScript running, and their get requests are through the roof.
 
Last edited:
I don't understand why browsers even allow pop-unders at all, let alone one underneath the task bar.
 
gxp500 said:
The headline isn't exactly true because the browser is still open, you'll see the tab open at the bottom, it's clever though. Gotta drive these fuckers some credit.
Click to expand...
Just wait until they do something to make the tab only 1 pixel wide or something, and then you're proper fucked! :D
 
Seems like this should qualify as a computer crime in many jurisdictions. Unauthorized use of computer facilities. Plus a further charge of crime committed over a telecommunications network. Two charges per website visit X number of website visits. Should be enough to allow the government to assume ownership of the company due to fines owed.
 
Dead Parrot said:
Seems like this should qualify as a computer crime in many jurisdictions. Unauthorized use of computer facilities. Plus a further charge of crime committed over a telecommunications network. Two charges per website visit X number of website visits. Should be enough to allow the government to assume ownership of the company due to fines owed.
Click to expand...

This is one of the functions of government. Not just stop the companies through fines, but to prosecute the people hiding behind the corporate firewall as the criminals they are. This is using deception to steal something from users/visitors. It's the same as picking pockets of people who come into a business.

String up a few to make examples.

I'd actually have more fun if I could somehow send a huge electric charge back through the internet and fry their servers...and their home rigs, as well.
 
I run the task bar on the right side of the screen, I wonder if it actually finds the location of the clock, or just uses the lower left corner as the location?
 
Not that I really want to condone hacking websites, but stuff like this has me wondering how nice it would be to hack the site to divert their plunders. . .Anyone up for being Robin hood?
 
You must log in or register to reply here.
Back
Top