Websites now using hidden pop-unders to mine cryptocurrency

Posted on Thursday, Nov 30 2017 @ 11:29 CET by Thomas De Maesschalck
Malwarebytes discovered an increasing number of websites are using a new technique to mine cryptocurrency. This whole in-browser cryptocurrency mining trend started a couple of weeks ago and it's pretty controversial as some users find this even worse than ads.

Anyway, the mining stops as soon as the user closes the window or browses to another site, but some unscrupulous websites have found a way to keep the juice flowing even after the window has been closed. By launching the Monero cryptocurrency miner in a pop-under window, the mining job can run for a much longer time as many users will not notice it.

The pop-under hides under the Windows taskbar, behind the clock, and it uses throttling to ensure it doesn't max out the CPU as that could raise suspicion from users.
Malwarebytes Lead Malware Intelligence Analyst Jérôme Segura wrote:

This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself. Closing the browser using the “X” is no longer sufficient. The more technical users will want to run Task Manager to ensure there is no remnant running browser processes and terminate them. Alternatively, the taskbar will still show the browser’s icon with slight highlighting, indicating that it is still running.
At the moment, it seems this new technique is exclusive used against users that run Chrome on Windows 7 and Windows 10.

hidden miner

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments