Another week, another worrying vulnerability. This time, Microsoft’s Windows and other platforms are at risk from a new JavaScript cryptocurrency miner. The novel way of attack this time revolves around aping online ad techniques to take power from a PC after visiting a website.
This marks a potentially significant tweak on the browser-based miner attack. Previously, preventing miners on sites could be shut down by simply closing the browser. By doing this, you were cutting off the power supply, so to speak, and stopping the miners from using your CPU.
However, the new method allows JavaScript-based in-browser cryptocurrency miners to continuing harvesting power even when the browser is closed. Security company Malwarebytes found a new type of mining technique where the page continues to mine PC resources once the browser has been shut.
The technique is built on a type of online advertising model call a ‘pop-under’. These are used to load hidden ads and to make sure the window is hard to close. They also sit behind the taskbar on Windows. This means users are unlikely to even see it.
“The trick is that although the visible browser windows are closed, there is a hidden one that remains opened. This is due to a pop-under which is sized to fit right under the taskbar and hides behind the clock,” wrote Malwarebytes.
It is important to understand that miners are not malware in the strictest sense, but they do use hardware without permission (without corrupting it). Security firms have started blocking Coinhive, which was set up as a legitimate alternative.
As users became increasingly annoyed by ads and used ad-blockers, web owners looked for alternatives. One was cryptomining, and Coinhive was an alternative to advertising. It takes a users’ resources and electricity as a revenue stream.
Impact on Users
One problem is, how much CPU is take is down to the site owner. The Pirate Bay used Coinhive but was forced to made changes. Users discovered the company has accidentally set it to take 100% of visiting CPU.
Malwarebytes was one of the security companies to start blocking Coinhive. Now, JavaScript coin miners are being used on compromised websites and even sites with existing ads. This means, many locations are taking visitors’ hardware capabilities without permission.
“Forced mining (no opt-in) is a bad practice, and any tricks like the one detailed in this blog are only going to erode any confidence some might have had in mining as an ad replacement,” Malwarebytes says.
“Unscrupulous website owners and miscreants alike will no doubt continue to seek ways to deliver drive-by mining, and users will try to fight back by downloading more adblockers, extensions, and other tools to protect themselves. If malvertising wasn’t bad enough as is, now it has a new weapon that works on all platforms and browsers.”
