Browser-based drive-by cryptomining keeps running even when closed

JC Torres - Nov 30, 2017
The fact that people mostly live their computing lives inside their browsers hasn’t escaped attention. Browser makers are adding more power and giving browsers more access to hardware. Google has even made an entire OS based on a web browser. And now, malware authors are scrambling to take advantage of all of that. This latest development is a bit more cunning, though, because instead of outright demanding payment or using misleading and harmful ads, it generates money by exploiting your computer’s hardware to mine for cryptocurrency.

They say money doesn’t grow on trees, but these days it can be mined instead. Cryptocurrencies like Bitcoin and, in this case, Monero, are generated by utilizing a computer’s CPU or GPU to crunch numbers, an act called “mining” in cryptocurrency language. This has led some users to set up farms of computers just for that purpose. But why spend that amount of money and effort when you can enlist other users’ computers without their knowledge?

Drive-by mining, as security company Malwarebytes calls it, is made possible thanks to the development of Coinhive, a JavaScript-based mining program specific to the Monero cryptocurrency. Utilizing JavaScript, Coinhive is able to sneak code into websites and use the browser’s access to computer hardware, even though limited, to start mining. On the one hand, it is good because it doesn’t install any malware on the computer. On the other hand, it’ll burn through your CPU cycles and slow your system down.

Drive-by mining has one flaw. Or at least had one. Since it’s browser-based, it stops mining when you close the browser. Now some unscrupulous individuals have found a way around that by opening a tiny browser window that hides itself under the Windows taskbar. So when you think you’ve closed, say, Chrome, there’s still one hidden browser window making money for someone other than you.

The good news, at least for now, is that it’s easy to fix and avoid. When you close your browser and still notice some slowdown, go to the Windows Task Manager and check if there are wayward browser processes still open and kill them. Then try to avoid visiting suspicious sites. Unfortunately, this might just be the beginning and, as browsers themselves become more sophisticated, malware authors and less conscientious elements might also become more creative.
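
The Task Manager check described above can also be done from PowerShell once the browser has been closed. This script is an added example, not code from the article or from Malwarebytes; the list of browser process names, the 5-second sampling window and the 20% CPU threshold are assumptions to adjust.

```powershell
# Added example: find browser processes still running (and still burning CPU)
# after the browser window was closed. Names and thresholds are assumptions.
param(
    [string[]]$BrowserNames = @('chrome', 'msedge', 'firefox', 'iexplore', 'opera'),
    [int]$SampleSeconds = 5,
    [double]$CpuThresholdPercent = 20,
    [switch]$Kill   # without -Kill the script only reports
)

$cores = [Environment]::ProcessorCount

# First sample: cumulative CPU seconds per leftover browser process, keyed by PID.
$before = @{}
Get-Process -Name $BrowserNames -ErrorAction SilentlyContinue |
    ForEach-Object { $before[$_.Id] = $_.CPU }

if ($before.Count -eq 0) {
    Write-Output 'No browser processes are running.'
    return
}

Start-Sleep -Seconds $SampleSeconds

# Second sample: CPU seconds used during the window, as a share of all cores.
$report = Get-Process -Name $BrowserNames -ErrorAction SilentlyContinue |
    Where-Object { $before.ContainsKey($_.Id) } |
    ForEach-Object {
        $delta = $_.CPU - $before[$_.Id]
        [pscustomobject]@{
            Id          = $_.Id
            Name        = $_.ProcessName
            CpuPercent  = [math]::Round(100 * $delta / ($SampleSeconds * $cores), 1)
            WindowTitle = $_.MainWindowTitle   # empty if no visible main window
        }
    } | Sort-Object CpuPercent -Descending

$report | Format-Table -AutoSize

# Processes at or above the threshold are the "wayward" ones worth ending.
$busy = @($report | Where-Object { $_.CpuPercent -ge $CpuThresholdPercent })
Write-Output ("{0} process(es) at or above {1}% CPU." -f $busy.Count, $CpuThresholdPercent)

if ($Kill) {
    $busy | ForEach-Object { Stop-Process -Id $_.Id -Force }
}
```

Run it once without `-Kill` to review the table, then again with `-Kill` to end the processes it flagged.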

SOURCE: Malwarebytes
