Security researchers from Malwarebytes have updated their blog with crucial information about what they call “persistent drive-by crypto-mining”. The article begins with an obvious statement: legitimate mining services like CoinHive are being exploited for malicious purposes.
Crypto-mining does not stop after you close Chrome, Mozilla or any other browser
To distribute crypto-miners, attackers hack websites and modify programs or browser extensions to conduct cryptojacking. At first, it was assumed that a computer's CPU and GPU were safe once the browser was closed. However, the new technique discovered by Malwarebytes researchers suggests a different scenario.
You might think this is impossible, considering that an active browser is a must for crypto-mining to take place. Actually, this sneaky technique is very simple. Even though users close the visible browser, the crypto-miner manages to create a fake one (in the form of a pop-under). It hides behind the clock (the one in the right corner).
Therefore, users will have no idea that a crypto-miner is silently sucking up CPU resources and electricity. In fact, some victims of crypto-jacking have indicated that their electric bill was bigger than usual during the mining. This is because crypto-miners consume more electricity. If you assumed that mining of crypto-currencies is no big deal, please remember that even your wallet could become lighter after you pay all of those electric bills. Besides, who likes to make money for hackers?
According to researchers, this technique is extremely evasive, meaning that regular miner-prevention methods are probably not going to work. Most ad blockers are incapable of detecting this stealthy attack. Therefore, even if you assume that your CPU and GPU resources are well-protected, the reality is very different.
Is there a way to protect computers from this evasive technique?
If you wish to protect your browsers, computers and wallets, you should read this part of the article very carefully. If you think that your system is mining crypto-currencies for unknown parties, check the taskbar for browser windows. If you detect something suspicious, kill the process.
Alternatively, you could get an anti-malware tool that automatically blocks all crypto-miners. There is also an extension called “No Coin”, which is supposed to block all miners. It is available for Chrome, Opera and Firefox.
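The manual check described above can also be done from a PowerShell prompt. The script below is an added example, not code from the Malwarebytes post: it samples the CPU time of browser processes twice and lists the ones still consuming CPU, together with any window they own. The process names, the 5-second sampling window and the 20% threshold are assumptions to adjust for your system.

```powershell
# Added example (not from the original article): find browser processes that
# keep using CPU, for instance after the visible browser window was closed.
$browserNames  = 'chrome', 'firefox', 'opera'   # assumed process names
$sampleSeconds = 5                               # assumed sampling window
$cpuThreshold  = 20                              # assumed: percent of one core

function Get-BrowserProcess {
    # Names that are not running are skipped instead of raising an error.
    Get-Process -Name $browserNames -ErrorAction SilentlyContinue
}

# First sample: total CPU seconds consumed so far, keyed by process id.
$first = @{}
foreach ($p in Get-BrowserProcess) {
    if ($null -ne $p.TotalProcessorTime) {
        $first[$p.Id] = $p.TotalProcessorTime.TotalSeconds
    }
}

Start-Sleep -Seconds $sampleSeconds

# Second sample: keep processes whose CPU use over the window is above the threshold.
$report = foreach ($p in Get-BrowserProcess) {
    if (-not $first.ContainsKey($p.Id) -or $null -eq $p.TotalProcessorTime) { continue }
    $delta = $p.TotalProcessorTime.TotalSeconds - $first[$p.Id]
    $pct   = [math]::Round(100 * $delta / $sampleSeconds, 1)
    if ($pct -ge $cpuThreshold) {
        [pscustomobject]@{
            Id          = $p.Id
            Name        = $p.ProcessName
            CpuPercent  = $pct
            # Multi-process browsers do the heavy work in child processes that
            # own no window, so HasWindow is often False for the busiest entry.
            HasWindow   = ($p.MainWindowHandle -ne [IntPtr]::Zero)
            WindowTitle = $p.MainWindowTitle
        }
    }
}

if ($report) {
    $report | Sort-Object CpuPercent -Descending | Format-Table -AutoSize
    # After reviewing the list, end a process with: Stop-Process -Id <Id>
} else {
    Write-Output "No browser process above $cpuThreshold% CPU in the last $sampleSeconds seconds."
}
```

Any browser process listed here while no browser window is visibly open is worth a closer look before you end it.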