Warning over explosion in web browser-based crypto-mining

Javascript-based mining malware can use CPU cycles to mine for Monero crypto-currency

Cyber crooks are increasingly using a Javascript implementation of the Coinhive service as a means of using other people's computers to 'mine' the Monero crypto-currency.

Researchers at security firm Malwarebytes suggested that attackers are hacking into servers, hijacking plugins and serving up the code across thousands of sites in order to use other people's computing power to mine the crypto-currency.

Web-based crypto-mining has grown in recent the years. Malwarebytes claims that there are a plethora of flaws that enable cyber criminals to easily run malware on servers.

And the firm also claims to have found an entirely new technique that is being exploited in the wild. It claimed that "dubious website owners or attackers" are compromising sites to "keep mining for Monero even after the browser window is closed".

Malwarebytes conducted a range of tests to test this claim. It suggests that results vary depending on the browser that is being used. The security software company claims to have observed the following:

• A user visits a website, which silently loads cryptomining code;
• CPU activity rises, but is not maxed out;
• The user leaves the site and closes the Chrome browser window;
• CPU activity remains higher than normal as crypto-mining continues surreptitiously in the background.

Writing in a blog post, the company explained that even if visible browser windows are closed, hackers are able to tap into one that appears to be closed. But which in reality is still very much open.

"The trick is that although the visible browser windows are closed, there is a hidden one that remains opened. This is due to a pop-under which is sized to fit right under the taskbar and hides behind the clock," said Malwarebytes in an advisory.

"The hidden window's coordinates will vary based on each user's screen resolution, but follow this rule: If your Windows theme allows for taskbar transparency, you can catch a glimpse of the rogue window. Otherwise, to expose it you can simply resize the taskbar and it will magically pop it back up."

Unfortunately, browser-based crypto-mining is becoming all-too-common. "Nearly two months since Coinhive's inception, browser-based crypto-mining remains highly popular, but for all the wrong reasons," added the researchers.

"Forced mining (no opt-in) is a bad practice, and any tricks like the one detailed in this blog are only going to erode any confidence some might have had in mining as an ad replacement.

"History shows us that trying to get rid of ads failed before, but only time will tell if this will be any different."