
Drive-By Cryptomining Continues After the Browser Is Closed


Drive-by cryptomining, also known as cryptojacking, has become one of the main threats to online users. Researchers are coming across more and more cases of abuse involving Coinhive.


The Coinhive mining within a browser explained

What is Coinhive? Coinhive was created in September this year. Simply explained, the software allows Monero mining directly within a browser. As explained by the software's developers, Coinhive offers a JavaScript miner for the Monero Blockchain that can be embedded in a website. The site's users run the miner directly in their browser and mine XMR for the site owner, in turn for an ad-free experience, in-game currency or whatever incentives you can come up with.


The software is easy to integrate thanks to its API, and is simple overall. However, the failure to apply an opt-in process to obtain user consent makes it somewhat dubious. The result is that the software has been abused to an unbelievable extent, and the trend continues as we speak. We recently wrote about the alarming trend of the increasing number of websites using Coinhive’s script to mine for Monero. Basically, researchers reached the conclusion that 1 in 1,000 websites is running Coinhive.


New technique allows malicious actors to continue mining even after a browser is closed

This trend is now becoming even more problematic, as researchers stumbled upon a technique that enables malicious users to keep mining for Monero even after the browser window is closed. The research carried out by Jerome Segura was focused on the Chrome browser, but other browsers may be affected as well, with different results for each browser.

What happens after a user visits a website that is silently loading the mining code is that CPU activity rises, but is not maxed out. After the user leaves the particular site by closing the Chrome window, the machine's CPU activity remains higher than normal. This is a sign that the cryptomining process is not terminated when the browser is closed. How is this even possible?

Researchers noticed this activity on an adult website known to deploy aggressive advertising techniques. While analyzing the network traffic the rogue browser window was noticed, as well as where it came from and what it loaded.

  • The pop-under has been identified – elthamely[.]com – and was detected to launch from the Ad Maven network.

Briefly said, Ad-maven(.)com is the website of a performance marketing platform. Ad Maven is considered adware in terms of producing a multitude of adverts redirecting the user to various dubious sites. The network also gains money from those services and the internet traffic that its ads generate.


Even though the visible browser windows are closed, a hidden session remains open, making the drive-by cryptomining persistent. This is possible thanks to a pop-under made to fit under the taskbar, right behind the clock.
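To make the hiding trick concrete from a defender's side, the added example below (not code from the original research) flags browser windows whose bounds fall mostly outside the desktop work area, which is where a window tucked behind the taskbar ends up. The record fields, the 25% threshold and the sample hosts are assumptions constructed for illustration.

```javascript
// Added example: flag browser windows that are mostly hidden outside the
// desktop work area (the screen minus the taskbar).
// Field names, threshold and sample values are constructed for illustration.

// Area of the intersection of two rectangles {left, top, width, height}.
function overlapArea(a, b) {
  const w = Math.min(a.left + a.width, b.left + b.width) - Math.max(a.left, b.left);
  const h = Math.min(a.top + a.height, b.top + b.height) - Math.max(a.top, b.top);
  return w > 0 && h > 0 ? w * h : 0;
}

// Fraction (0..1) of the window that lies inside the work area.
// Zero-sized windows count as fully hidden.
function visibleFraction(win, workArea) {
  const area = win.width * win.height;
  return area > 0 ? overlapArea(win, workArea) / area : 0;
}

// Return every window whose visible fraction is below minVisible.
function findHiddenWindows(windows, workArea, minVisible = 0.25) {
  return windows
    .map((w) => ({ ...w, visible: visibleFraction(w, workArea) }))
    .filter((w) => w.visible < minVisible);
}

// Constructed sample: 1920x1080 screen with a 40 px taskbar at the bottom.
const WORK_AREA = { left: 0, top: 0, width: 1920, height: 1040 };
const SAMPLE_WINDOWS = [
  { id: 1, host: "news.example", left: 100, top: 50, width: 1200, height: 800 },
  // Small window in the bottom-right corner, entirely behind the taskbar clock.
  { id: 2, host: "popunder.example", left: 1820, top: 1042, width: 100, height: 38 },
  // Window the user dragged partly off-screen: still mostly visible.
  { id: 3, host: "mail.example", left: 1500, top: 300, width: 600, height: 500 },
];

function report() {
  return findHiddenWindows(SAMPLE_WINDOWS, WORK_AREA);
}

console.log(report().map((w) => `${w.id} ${w.host} visible=${w.visible.toFixed(2)}`));
```

Measuring against the work area rather than the full screen is what catches this case: the pop-under is technically on-screen, but none of it is in the region the user can see.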

What happens after the elthamely[.]com pop-under is loaded from the Ad Maven network? Resources from Amazon cloudfront[.]net are loaded, and a payload is taken from another domain – hatevery(.)info.

Researchers also noticed functions from the Coinhive documentation designed to check whether a browser supports WebAssembly, a low-level bytecode format for in-browser client-side scripting, which evolved from JavaScript. The feature allows the user to fully use the hardware’s capacity directly from the browser. If the browser doesn’t support WebAssembly, it falls back to the slower JavaScript version.


How to stop this new type of drive-by cryptomining a.k.a. cryptojacking

Considering the type of pop-under deployed by malicious actors to bypass adblockers and hide its activity from users, simply closing the browser won’t do. Affected users should run Task Manager to make sure that there are no leftover processes. If such are found, they should be eliminated immediately.

In conclusion, drive-by cryptomining will surely continue to evolve and become more dangerous to users. Malicious actors will continue to search for means to distribute drive-by mining. As a result, malvertising is becoming even more threatening with this new technique that puts all platforms and browsers at risk.


Considering the current threat landscape, it is strongly recommended that all security measures are taken into consideration, including the use of an anti-malware program that actively protects the system from all kinds of exploits.


Milena Dimitrova
