Sneaky JavaScript cryptominer hides behind taskbar

For discussions about security.
Post Reply
Message
Author
User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

Sneaky JavaScript cryptominer hides behind taskbar

#1 Post by Flash »

Windows: This sneaky cryptominer hides behind taskbar even after you exit browser
Closing your browser won't stop this JavaScript cryptocurrency miner.

By Liam Tung | November 30, 2017

JavaScript-based in-browser cryptocurrency miners are now borrowing loathed online ad techniques to covertly harvest power from PCs after visiting a site.

Most of the browser-based miners on sites that use the Monero-mining Coinhive service can be stopped simply by closing the browser, which stops them chewing up your CPU.

However, security firm Malwarebytes has discovered a new case where the page will continue mining even after the browser is closed.

The technique relies on a tiny 'pop-under' window, which is sometimes used to load hidden ads. For extra cover, the window is designed to sit behind the Windows taskbar, making it hard to spot.

"The trick is that although the visible browser windows are closed, there is a hidden one that remains opened. This is due to a pop-under which is sized to fit right under the taskbar and hides behind the clock," wrote Malwarebytes researcher Jerome Segura.

In-browser cryptominers have grown in popularity, partly in response to the rise of ad-blockers. Coinhive was proposed as a legitimate alternative to advertising. The Pirate Bay, for example, recently integrated Coinhive in its site for this reason, but annoyed some users by apparently accidentally setting it to use 100 percent of a visitor's CPU. It later dialed it back.

However, JavaScript coin miners are now also being used on compromised sites and sites that continue to serve ads.
So if this is JavaScript, why wouldn't it work in any OS with Java, not just Windows? And would the F11 key uncover the hidden window?
Top
User avatar
Galbi
Posts: 1098
Joined: Wed 21 Sep 2011, 22:32
Location: Bs.As. - Argentina.

#2 Post by Galbi »

Java and Javascript are similar like Car and Carpet are similar.

(I confess to have believed they were related).
Remember: [b][i]"pecunia pecuniam parere non potest"[/i][/b]
Top
User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#3 Post by Flash »

Okay and thanks for the correction, but don't most of the browsers that come with Puppy (I'm thinking mainly of SeaMonkey and Firefox) come with Javascript? I'm trying to find out if this malware won't run in Puppy as well as Windows.
Top
User avatar
perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

Re: Sneaky JavaScript cryptominer hides behind taskbar

#4 Post by perdido »

Flash wrote: So if this is JavaScript, why wouldn't it work in any OS with Java, not just Windows? And would the F11 key uncover the hidden window?
Some javascript code is platform specific.

.
Top
Post Reply

Return to “Security”