According to the blog published by anti-malware provider Malwarebytes, the new method secretly opens a hidden browser window that sits behind the clock on the Microsoft Windows taskbar and continues to mine cryptocurrency siphoning CPU resources and power from your computer in a way so as not to attract attention from most users.
“The hidden window’s coordinates will vary based on each user’s screen resolution, but follow this rule: Horizontal position = ( current screen x resolution ) – 100 Vertical position = ( current screen y resolution ) – 40,” Malwarebytes Lead Malware Intelligence Analyst Jérôme Segura wrote. “This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself. Closing the browser using the “X” is no longer sufficient. The more technical users will want to run Task Manager to ensure there is no remnant running browser processes and terminate them. Alternatively, the taskbar will still show the browser’s icon with slight highlighting, indicating that it is still running,” added Segura. He further adds, “Nearly two months since Coinhive’s inception, browser-based cryptomining remains highly popular, but for all the wrong reasons. Forced mining (no opt-in) is a bad practice, and any tricks like the one detailed in this blog are only going to erode any confidence some might have had in mining as an ad replacement. History shows us that trying to get rid of ads failed before, but only time will tell if this will be any different. “Unscrupulous website owners and miscreants alike will no doubt continue to seek ways to deliver drive-by mining, and users will try to fight back by downloading more adblockers, extensions, and other tools to protect themselves. If malvertising wasn’t bad enough as is, now it has a new weapon that works on all platforms and browsers.” As far as stopping this is concerned, Segura notes that users can open Task Manager and kill intensive browser processes being used by the miner or restart the system. If the taskbar is set to transparent, the pop-under can be seen. In addition, resizing the task bar will reveal the hidden window. According to Segura, the technique is working with the latest version of Google Chrome on Windows 7 and Windows 10. As for other browsers and operating systems, the firm says “results may vary.”