The price of Bitcoin may have suddenly dropped by almost $2000 after passing the $11,000 milestone yesterday, but it’s since regained some ground and is currently worth just under $10,500. These high prices are partly why drive-by cryptomining—a practice that uses the CPUs of website visitors to mine cryptocurrencies—is becoming popular. But researchers have discovered an even more sinister element to these techniques: the sites can continue utilizing other people’s hardware even after they’ve closed their web browsers.
The Pirate Bay said the miner was just a test and it has now been removed. Since then, the same system has been found on websites belonging to Showtime and Politifact. Whether this was the work of the companies themselves or hackers is still unclear.
Having your CPU usage spike when visiting certain websites is definitely annoying, to say the least, but visitors can always just leave the page to stop the drive-by mining. However, a blog post from Malwarebytes Labs yesterday revealed that some sites could keep the software running in the background after users close their browsers.
The system works by opening a pop-under window that’s slotted behind the Windows taskbar and hides under the clock. It will remain hidden from view indefinitely and keeps mining Monero until a user takes action to close it.
The pop-under window is launched by the Ad Maven ad network, which in turn runs a cryptominer hosted by Amazon Web Services.
CPU usage rises above 50 percent while the window is open, but the code has been designed to ensure the processor isn’t maxed out, thereby reducing the chance of a user noticing something wrong.
The technique works on the latest version of Chrome running on the latest versions of Windows 7 and Windows 10. Users are advised to check their browser icon in the taskbar, which will be highlighted if a window is running. Alternatively, run Task Manager to ensure there are no suspicious extra browser processes.
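The manual taskbar check can be backed by a geometric one: flag any visible browser window that lies almost entirely outside the desktop work area, which is where a pop-under tucked behind the taskbar ends up. The sketch below is an added example, not code from Malwarebytes or from this article; the `Rect` and `Window` types, the browser list, the 10 percent threshold and the sample windows are all assumptions constructed for illustration. On Windows the rectangles would come from `EnumWindows`/`GetWindowRect` and the work area from `SystemParametersInfo` with `SPI_GETWORKAREA`.

```python
from typing import NamedTuple

class Rect(NamedTuple):
    left: int
    top: int
    right: int
    bottom: int

    def area(self) -> int:
        # An inverted rectangle (no overlap) counts as zero area.
        return max(0, self.right - self.left) * max(0, self.bottom - self.top)

    def intersect(self, other: "Rect") -> "Rect":
        return Rect(max(self.left, other.left), max(self.top, other.top),
                    min(self.right, other.right), min(self.bottom, other.bottom))

class Window(NamedTuple):
    process: str
    title: str
    rect: Rect
    visible: bool

# Assumed list of browser process names; extend for the local environment.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}

def visible_fraction(win: Rect, work_area: Rect) -> float:
    """Share of the window lying in the desktop area not covered by the taskbar."""
    total = win.area()
    return win.intersect(work_area).area() / total if total else 0.0

def find_hidden_browser_windows(windows, work_area, max_visible=0.10):
    """Return visible browser windows that sit almost entirely outside the work area."""
    return [w for w in windows
            if w.visible and w.process.lower() in BROWSERS and w.rect.area() > 0
            and visible_fraction(w.rect, work_area) <= max_visible]

# Constructed sample: 1920x1080 screen with a 40-pixel taskbar along the bottom.
WORK_AREA = Rect(0, 0, 1920, 1040)
SAMPLE_WINDOWS = [
    Window("chrome.exe", "News - Google Chrome", Rect(100, 50, 1500, 950), True),
    Window("chrome.exe", "(constructed pop-under)", Rect(1820, 1042, 1920, 1142), True),
    Window("explorer.exe", "Documents", Rect(1800, 1045, 1900, 1075), True),
    Window("chrome.exe", "minimized tab", Rect(0, 0, 0, 0), False),
]

if __name__ == "__main__":
    for w in find_hidden_browser_windows(SAMPLE_WINDOWS, WORK_AREA):
        print(f"suspicious: {w.process} {w.title!r} at {tuple(w.rect)}")
```

A hit is only a lead: confirm it against the CPU usage of the owning process in Task Manager before closing the window.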