Are you ready for this? Kicking off cryptocurrencies is possible even with the browser turned off

Recently, we have reported twice about the threat of cryptojacking. Now, due to the raging course of various crypts, criminals, but also website administrators are increasingly using free computing power to make money on users who simply visit websites and websites.

Until recently, the main problem was only those malicious JavaScript scripts that after visiting an infected website (or a completely safe one) started the procedure of using the CPU cycles in a manner deviating from the norm. This allowed you to use (with or without the user's knowledge) the processor power of any computer that was not protected by the security software or extension blocking the JavaScript excavator. Some websites have deliberately replaced ordinary advertisements with excavators, while others have simply been hacked.

Cryptojacking getting more and more dangerous

Until now, the cryptocurrency was being excavated until the browser tab was closed. Unfortunately, cryptojacking begins to evolve - even with the theoretically closed browser, it is possible to consume CPU cycles to a large extent.

Security researchers from Malwarebytes discovered on another malicious site other malicious JavaScript code that was downloaded, including from Amazon servers.

This script, after closing the browser by simply clicking on "X", nevertheless triggered the new browser process in a way almost imperceptible to the user:


The hidden browser runs in the background and uses the processor's power.

An old pop-under technique that remembers the 20th century allows you to launch the browser in the background. The browser window is not visible on the system tray and in the system tray. It is almost invisible to the human eye.

Closing the program with "X" is no longer sufficient. Fortunately, running the browser process visible in the task manager reveals the intentions of the website from which the malicious script was launched.


Observation of the Windows system bar ... It must be interesting.

How to protect yourself?

In the same as in the case of "traditional" JavaScript excavators, but with special attention to the processes of browsers and "invisible" windows in the system tray. In addition, we recommend:

  1. In the public GitHub repository there is a " No Coin " plugin for Firefox , Chrome and Opera browsers . The extension has already been added to the official repositories of each manufacturer. We recommend its installation, because the extension protects not only by the described script for digging Monero, but also from excavators of other cryptocurrencies.
  2. A similar effect is achieved by installing the " uBlock Origin " ad blocker. And that should be enough. What's more, we also gain the ability to block ads, spam hosts, hosts with malicious ads, spyware hosts and malware hosts.
  3. We install a very effective Bitdefender Trafichlight or McAfee WebAdvisor plug-in to scan web pages. By installing such an add-on, we receive one of the most effective scanners in the world to detect phishing, malware and websites with scams, as well as protection in search results.
  4. Most security programs that have a module to scan websites should detect similar malicious scripts.

The argument of so-called "advanced users" about the uselessness of anti-viruses is overthrown by the "other side". It is not a secret that the protection of your computer should start with the protection of your browser, so antivirus software must have a module that scans websites for malware and malicious content.



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.