In the previous research work conducted by security firms, it was found that a miner could be run as long as the browser was running; close the browser and mining activity stops. However, as per the latest technique spotted by Malwarebytes, some dubious website owners can mine digital coins like Monero even after browser window is closed.
How is persistent cryptocoin mining taking place?
It was found that when a user visits a website, there’s a small increase in the CPU activity. As the activity is not maxed, the user doesn’t notice anything unusual. Once the user closes the browser window, the CPU activity remains higher than normal and cryptomining continues. So what’s the catch? How are cybercriminals able to do this?
Even when you close the browser window, there’s one hidden pop-under window that remains open. It’s sized to fit under the taskbar and hides behind the clock. The coordinates of this window might vary, but it generally follows x -100 and y -40 position rule.
You can expand the taskbar to spot the window; enabling transparency can also help you.
It’s worth noting that this persistent mining is designed to bypass adblockers. To spot any such activity, you can run Task Manager and ensure that there are no browser processes running. You can also look for the highlighted browser icon in the taskbar.
Such fraudulent practices are bad for cryptomining’s reputation as a replacement for advertisements on the web. What are your thoughts on this issue? Don’t forget to share your views with us.