As per recent reports, several websites are using hidden cryptocurrency mining scripts and these scripts keep on running in background processes even when you close your browser. These hidden scripts hijack your CPU usage for mining.
Due to the increase in the price range of cryptocurrency, hackers and genuine websites administrators are increasingly using these cryptocurrency mining java scripts to monetize by collecting CPU power from their visitors’ systems.
Recently a popular torrent based website ThePirateBays caught secretly using coin hive which is a cryptocurrency miner service. After that, thousands of websites were found using the same service as an alternative monetization model to ad banner.
The websites that are using cryptocurrency mining services can mine bitcoins or other cryptocurrencies, as much time you stay on their websites and when you close your browser, these services stop working.
But now some security researchers from Malwarebytes found some websites who tricks the visitors to run cryptocurrency miner service in the background even when you close your browser.
How it works?
Researchers of Malwarebytes posted in blog their post that this new technique works by an opening a new hidden pop up window. When you open a website on which this service is enabled, a hidden pop-up window start running in the background and hide itself behind the clock on your Microsoft’s Window.
This hidden pop-up keeps running in the background and mining the cryptocurrency for the website owner by consumption of your CPU power until you notice that pop up and close it and according to the researchers, this technique is difficult to identify and for some ad-blockers its impossible to block this service because it hides itself very cleverly. It keeps the CPU usage at maximum level and maintain the threshold frequency to medium level. These crypto-miners run from a crypto engine which is hosted by Amazon Web Servers.
“This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself,” Jérôme Segura, Malwarebytes’ Lead Malware Intelligence Analyst, says in the post. “Closing the browser using the “X” is no longer sufficient.”
This technique works on the latest version of Google Chrome web browser and running on latest version of Windows.
If you want to protect your system from these services, then check your performance of CPU from taskbar after closing the browser. If your CPU running on a high state, then simply kill the browser service in Processes tab. You can also use No coin extension for Google Chrome. This extension blocks all cryptocurrency miner services automatically and it also updates itself automatically to check latest scripts and definitions of mining services.