Invisible miner

Specialists with Malwarebytes have discovered a new trick that cybercriminals use to generate cryptocurrency by exploiting system resources of unaware Internet users. It has become common in the last couple of months to inject CoinHive miner into the code of various websites; however, the mining would stop as soon as the user closes the corresponding page. At the moment user computers can keep bringing revenue to criminals not only after they switch to a different site but even if they close the browser window altogether.

This trick, however, can't be called exactly new, because we are talking about pop-under windows. Cybercriminals created a simple code, which opens this window, when a user visits a website with the built-in CoinHive miner. That said, it’s quite difficult to notice the pop-under window: it appears behind one of the Windows design elements – usually behind the taskbar or the clock. This window is the one supporting the mining, even when users close the main browser window thinking they went offline.

Moreover, cybercriminals learnt how to limit miner's “appetites”. Now it doesn’t use most of the CPU, which makes it harder to the user to spot the slowdown and suspect a problem. Nevertheless, it’s not a very difficult task to discover even this secret mining. All you need to do is open the Task Manager: mining will be displayed as browser’s process and its termination will end the session.

source:  Technical Center of Internet

Back to the list