Some websites are surreptitiously opening browsers in the background of users’ computers to discreetly hijack CPU power for crypto mining. The new trick can mine cryptocurrencies even after closing all visible browser windows.
Most Ad-Blockers Can’t Track This New Cryptocurrency Mining Maneuver
The trick uses the browser-based mining service Coinhive. Before, Coinhive would only run while users were visiting a given site.
Once executed, site administrators can sit back and wrack up the mining profits derived from users’ CPUs. Meanwhile, users don’t even know that the website has hijacked their CPU.
This issue came to light when the most popular torrent website Pirate Bay was caught using Coinhive. Ever since, researchers have been giving added attention to this increasingly popular monetization model.
The exploit is particularly nefarious, as the majority of contemporary ad-blockers are unable to currently identify the new “pop-under” mining script in question.
What Coins Are They Mining, and How Big’s the Scope?
For now, researchers have determined that the privacy coin Monero is the mining target for the new Coinhive script.
That’s not surprising for a script that’s being ran in secret.
And according to recent findings by adblocker firm AdGuard, around 500 million people are unknowingly mining cryptocurrencies at present. The firm discovered that 220 of the world’s top 100,000 websites according to Alexa are running the exploit in question.
How to Make Sure You’re Not Affected
Computer running slow? It might be worth checking to see if you have a Coinhive script running in the background of your computer.
To start, close out of any browsers. Then open your Task Manager. Do you see any browsers still running? Then you’re affected — simply use the Task Manager interface to end the task.
After that, try using an anti-virus program that blocks Coinhive and other discreet mining programs from affecting your computer.
Alternatively, there are a ranger of browser extensions you can download that do the same thing. There’s No Coin, of course, which works on browsers like Firefox, Opera, and Google Chrome.
Do you think website administrators need users’ permission before running crypto mining scripts? Let us know below!
Images via Hacker News, Medium