A practice referred to as drive-by cryptomining has increasingly attracted attention in recent months as a relatively new way for bad actors to generate cryptocurrency. The practice works by leveraging the CPU resources of visitors to websites that have either been hacked or are otherwise malicious, potentially tapping into the power of millions of PCs. The one catch, however, is that the mining only persists as long as someone is on the website, stopping the second a visitor navigates away from the malicious page. A new technique recently discovered by researchers, however, allows for persistent drive-by cryptomining even after someone has left the website or otherwise exited the browser window.
Described by researchers at Malwarebytes (via Ars Technica), the new method discreetly opens a pop-under window that hides behind the clock on the Windows taskbar. Once open, the window sits there, continuing to mine cryptocurrency while eating up CPU resources in a way so as not to attract attention from most users. From Malwarebytes:
This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself. Closing the browser using the "X" is no longer sufficient. The more technical users will want to run Task Manager to ensure there is no remnant running browser processes and terminate them. Alternatively, the taskbar will still show the browser's icon with slight highlighting, indicating that it is still running.
Interestingly, while CPU usage spikes to above 50 percent while the window is open, the code at work has been designed in such a way as to not max out CPU activity, ensuring that it is more likely to go unnoticed.
The researchers observed the technique working with the latest version of Google Chrome on Windows 7 and Windows 10. As for other browsers, the firm says "results may vary." As Malwarebytes suggests, it might be wise to keep an eye on task manager to make sure no extra browser processes remain running after you've exited the window. If a window is running, the browser's icon should remain highlighted on the taskbar as well.
Here's everything you need to know about the Halo Infinite beta
Halo Infinite test flighting is coming in the near future. Here's how to sign up for the Halo Insider Program and access the beta so you can help 343 Industries test the game.
Try out the official Olympic Games Tokyo 2020 video game for free
Xbox fans and Steam users, get ready for Olympics insanity. The official Olympic Games Tokyo 2020 video game is free to play until Sunday, July 25, 2021!
343i explains what to expect from Halo Infinite's technical preview
343 Industries dives into what players should expect from Halo Infinite's technical preview flights. The first flight still doesn't have an exact date but could be very, very soon.
Best Minecraft toys and gifts 2021
Minecraft is the biggest game in the world, and that means it also comes with one of the biggest selections for merch, toys, and gifts. Here's the definitive list of the best Minecraft toys and gifts for any fan.