Drive-by cryptomining, also known as cryptojacking, has turned into one of the main threats to online users. Researchers are coming across more and more cases of abuse involving Coinhive.
The Coinhive mining within a browser explained
The software is easily integrated thanks to its API, and is overall simple. However, the lack of an opt-in process to obtain user consent makes it somewhat dubious. The result is that the software has been abused to an unbelievable extent, and the trend continues as we speak. We recently wrote about the alarming trend of the increasing number of websites using Coinhive’s script to mine for Monero. Basically, researchers reached the conclusion that 1 in 1,000 websites is running Coinhive.
New technique allows malicious actors to continue mining even after a browser is closed
This trend is now becoming even more problematic, as researchers stumbled upon a technique that enables malicious users to keep mining for Monero even after the browser window is closed. The research carried out by Jerome Segura focused on the Chrome browser, but other browsers may be affected as well, with different results for each browser.
What happens after a user visits a site that is silently loading the mining code is that CPU activity increases, but does not hit the limit. After the user leaves that site by closing the Chrome window, the CPU activity on their machine remains higher than normal. This is a sign that the cryptomining process does not stop when the browser is closed. How is this even possible?
Researchers noticed this activity on an adult website known to deploy aggressive advertising techniques. While analyzing the network traffic, the rogue browser window was noticed, as well as where it came from and what it loaded.
- The pop-under was identified as elthamely[.]com, and was found to launch from the Ad Maven network.
Briefly put, Ad-maven(.)com is the site of a performance marketing platform. Ad Maven is considered adware in the sense that it produces a multitude of adverts redirecting the user to various dubious sites. The network also makes money from those services and from the internet traffic that its ads generate.
Even though the visible browser windows are closed, a hidden session remains open, making the drive-by cryptomining persistent. This is possible thanks to a pop-under sized to fit under the taskbar, right behind the clock.
What happens after the elthamely[.]com pop-under is loaded from the Ad Maven network? Resources from Amazon cloudfront[.]net are loaded, and a payload is fetched from another domain, hatevery(.)info.
How to stop this new type of drive-by cryptomining a.k.a. cryptojacking
Considering the type of pop-under deployed by malicious actors to bypass adblockers and hide their activity from users, simply closing the browser won’t do. Affected users should open Task Manager to make sure that there are no leftover browser processes. If any are found, they should be terminated immediately.
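The Task Manager check above can be scripted. The following PowerShell snippet is an added example, not code from the original article or from the researchers it cites: run it after closing every visible browser window, and it samples CPU usage of any browser process that is still alive and reports the ones that keep working, which is exactly the symptom of the hidden pop-under session. The process names and the CPU threshold are assumptions.

```powershell
# Added example (not from the original article). Run after all visible browser
# windows have been closed: any browser process that is still alive AND still
# consuming CPU is a candidate for the hidden pop-under mining session.
function Get-LeftoverBrowserProcesses {
    param(
        [string[]]$Names = @('chrome', 'msedge', 'firefox'),  # assumed process names
        [int]$SampleSeconds = 5,                               # CPU sampling window
        [double]$CpuPercentThreshold = 10.0                    # assumed "still mining" cut-off
    )
    $cores = [Environment]::ProcessorCount

    # First sample: total CPU seconds consumed so far by each browser process
    $before = Get-Process -Name $Names -ErrorAction SilentlyContinue |
              ForEach-Object { [pscustomobject]@{ Id = $_.Id; Cpu = $_.CPU } }
    if (-not $before) { return @() }    # nothing left over: the browser really is closed

    Start-Sleep -Seconds $SampleSeconds

    # Second sample: compute how busy each surviving process was during the window
    $after = Get-Process -Name $Names -ErrorAction SilentlyContinue
    $results = foreach ($p in $after) {
        $old = $before | Where-Object Id -eq $p.Id
        if (-not $old) { continue }     # process appeared during the window; skip it
        # CPU seconds used per wall-clock second, normalised to a percentage of all cores
        $pct = (($p.CPU - $old.Cpu) / $SampleSeconds) * 100 / $cores
        [pscustomobject]@{
            Id          = $p.Id
            Name        = $p.ProcessName
            WindowTitle = $p.MainWindowTitle   # a pop-under hidden behind the taskbar still has a title
            CpuPercent  = [math]::Round($pct, 1)
        }
    }

    $results | Where-Object CpuPercent -ge $CpuPercentThreshold |
               Sort-Object CpuPercent -Descending
}

# Review the list, then terminate the leftovers, e.g. Stop-Process -Id <pid> -Force
Get-LeftoverBrowserProcesses | Format-Table -AutoSize
```

Renderer and helper processes normally have an empty WindowTitle, so a surviving process that reports a title after every browser window was closed is the strongest signal of a hidden pop-under.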
In conclusion, drive-by cryptomining will surely continue to evolve and become more dangerous to users. Malicious actors will continue to search for means to distribute drive-by mining. As a result, malvertising is becoming even more threatening with this new technique, which puts all platforms and browsers at risk.
Considering the current threat landscape, it is strongly recommended that all security measures are taken into consideration, including the use of an anti-malware program that actively protects the system from all kinds of exploits.