Miners of the modern age work in a vile way

More and more websites are abusing Coinhive, a JavaScript-based mining program.

Coinhive is based on the inevitability of JavaScript, although Adblock Plus has nevertheless successfully taken up the fight with it, so far. As the next stage in the cat-and-mouse fight, a new trick came to light, the method looks exactly like this:

• The user visits a website that silently loads the cryptographic code.
  
• The CPU load increases but does not reach the maximum value.
• The user leaves the web page, closes the browser.
• CPU utilization is still high, the mining code is running.

And the trick is that although we closed the browser tab, there is a hidden one that is still open. This pop-up window is located behind the taskbar, right in the lower right corner - the code can adapt to the screen resolution. If a particular Windows theme supports transparency, it is difficult, but in principle, to detect fraud. In the movie below, it’s worth watching the thing live.

Click on the image for a larger version.

Malwarebytes Labs has been investigating, among other things, with a network monitoring utility, and in-depth investigation has found that the latest version of Chrome can't stop events, even with an ad blocker. Google's browser programmers will probably only fix the situation with the release coming in January, where any script that opens another page without our permission will be automatically blocked - anyone interested can already enable it in the experimental features section.