Hey girl, what's that behind your Windows task bar? Looks like a hidden crypto-miner...

Miscreants have found a way to continue running cryptocurrency-crafting JavaScript on Windows PCs even after netizens browse away from the webpage hosting the code. Researcher Jerome Segura of Malwarebytes said on Wednesday his team discovered scumbags had written some custom code to keep Coinhive's freely available in-browser …

  1. gerdesj Silver badge

    Because you can't be arsed

    As it turns out: not everyone runs Windows. There are a few Unix styled boxes around, some are fruity but the rest are useful.

  2. Charles 9 Silver badge

    Re: Because you can't be arsed

    But if you read the article, you'll note that the process itself is mostly platform-agnostic. It's just that the "secret" window may find it harder to hide in unfamiliar territory, but given that most systems possess some kind of taskbar or analogue, browser fingerprinting can potentially allow it to hide virtually anywhere. Failing that, it could try to find ways to position the window along an edge so only a very obscure line would be visible.

  3. rmason Silver badge

    Re: Because you can't be arsed

    @gerdesj

    Unix systems never use browsers?

    You live and learn.

  4. Rich 11 Silver badge

    Re: Because you can't be arsed

    Or maybe it's just some Unix users who refuse to browse with anything other than Lynx.

  5. phuzz Silver badge

    Re: Because you can't be arsed

    Given that this coin mining software will need to be run across millions of devices to be worthwhile, why would anyone take time out to find a way to secretly run it on a unix box, when the same amount of time and effort could be spent getting it to run on Windows machines, thus reaching an audience probably at least 100 times larger?

  6. Mage Silver badge

    Re: Because you can't be arsed

    … to run NoScript properly configured.

    No platform is immune from evil on the Internet. Worst is 3rd party domain javascript, esp. in adverts. BBC and CNN have served malware.

    When will Advertisers and Webmasters / owners learn? Anything other than the same URL for everyone image and a link is evil.

  7. Doctor Syntax Silver badge

    Re: Because you can't be arsed

    "why would anyone take time out to find a way to secretly run it on a unix box"

    It's written in Javascript so no effort at all is needed to make it run on a Unix box. The browser provides the platform. Pop-under windows are also a feature of the browser so what works on the browser on one OS is going to work on another.

    Noscript is your friend.

  8. d3vy Silver badge

    Re: Because you can't be arsed

    "Given that this coin mining software will need to be run across millions of devices to be worthwhile"

    Actually with the current trading price of monero you could probably get a fairly decent return from anything above 500 machines.

    Generally I believe coinhive say that to make it profitable vs adverts you need around 2000 users spending 10-20 mins on your site (It's been a while since I read this so it might not be accurate still) so if you can trick users into running the script for a few HOURS then you will need far fewer people.

  9. Anonymous Coward

    Re: Because you can't be arsed

    Lynx? You're lucky... when I were a lad all we had was wget...

  10. Alistair Silver badge
    Windows

    Re: Because you can't be arsed

    wget? Hrumph! had to use Kermit we did!

  11. Kiwi

    Re: Because you can't be arsed

    Kermit? LUXURY!

    Why, we had to use pen and paper, while walking BAREFOOT across the road to school, DOWNHILL both ways, on a mild summer's day!

  12. Claptrap314 Bronze badge

    Re: Because you can't be arsed

    The last Firefox update rendered noscript unusable. Also a couple websites unviewable.

  13. The Dogs Meevonks

    Re: Because you can't be arsed

    I found that out yesterday, thought I'd got some kind of infection that all of my security/protection had missed.

    Nope... just the fact that NoScript 10.1.3 was the culprit... I returned to 10.1.2 and everything was fine again... after double checking and comparing to another system that doesn't get firefox updated as often.

    Today after retesting this afternoon after a fresh boot... all is good again and 10.1.3 works once more... But I am having to relearn some sites... one of which was an internal one to my mediaserver.

  14. JLV Silver badge
    Boffin

    Re: Because you can't be arsed

    NoScript is back on FF57 Quantum and has been for about a week.

    Mine re-enabled itself somehow without me having to do anything. Looks legit enough though - same whitelists as before for each site.

  15. Jonathan Schwatrz Bronze badge
    Happy

    Re: Kiwi Re: Because you can't be arsed

    But did you get sliced in two with a bread knife?

  16. RegGuy1

    Re: Because you can't be arsed

    Kermit. Fucking hell, I've not used that in a looong time!

  17. veti Silver badge

    Finally, a reason to move the task bar

    Just 20 years after Microsoft gave us the capability, at last there's a reason to do it.

    Unfortunately it would mean relearning 20 years' worth of muscle memory and habit - but hey, nothing's for free, right?

  18. Teiwaz Silver badge

    Re: Finally, a reason to move the task bar

    Traditional taskbar layout 'just doesn't look right' any orientation but horizontal (to me, anyway).

    And I've been using 'Linux solely (home system anyway) for 18 years.

    It's the clock and the system tray that don't look right mostly...

  19. bazza Silver badge

    Re: Finally, a reason to move the task bar

    Yet the same trick works on Linux and everything else too. It's the HTML/Javascript standards that allow this, and they're everything to do with Browsers, not operating systems.

  20. Teiwaz Silver badge

    Re: Finally, a reason to move the task bar

    "Yet the same trick works on Linux and everything else too."

    + Although proly not on a Tiling Wm.....

    ...well, not unless you've set your browser to Float all the time.

    + Many 'Linux Desktops these days have unmovable panels that nothing can hide under (Gnome, Unity).

    + Then there are the hard-asses that have gone desktop commando (no pants, erm, panels whatsoever)....

  21. Charles 9 Silver badge

    Re: Finally, a reason to move the task bar

    Even without a taskbar, it may be possible to "shade" the window by putting it right on the edge so you'd have to spot a very thin line in order to know the window's there. Actually, a taskbar will be of help here since it can make you aware a browser window's still open.

  22. bombastic bob Silver badge
    Devil

    Re: Finally, a reason to move the task bar

    "Actually, a taskbar will be of help here since it can make you aware a browser window's still open."

    A good point. There may be a way to have it display "iconless" though. I haven't tried. But if it's a top level window, it will most likely be in any task bar that has icon windows listed in it.

    I run Mate with the upper panel having the CPU monitor in it. If I see unusual CPU activity, I typically kill that application and re-start it. Usually it's Firefox, due to garbage collection and being left open on 7 virtual desktops with 20 or 30 tabs for days or weeks on end. Sometimes it's something else. But if you see consistently high CPU usage, it's often a problem with the application. And if it's bitcoin mining, THAT would put a stop to it REALLY QUICK.

    That, and running 'NoScript'.

  23. Nick Ryan Silver badge

    Re: Finally, a reason to move the task bar

    The original "task bar" (start menu) in Windows was designed to be at the top of the screen; however, I understand that Microsoft Legal stepped in as this could have caused them some serious problems if manufacturers of other OSes complained. There may also have been design considerations where menus were stacked together, as in the OS shell menu and an application menu; however, as the task bar was designed to be very different to an application window's title bar I don't really see this as an issue.

    It was almost certainly a last minute change and as a result of this, and doubtless a bit of obstinacy, it was possible from the outset to put the menu back in the designed location, the top of the screen, even if the default was set to the bottom.

    When you think about the original Windows start menu being located at the top of the screen it makes considerably more sense as the first thing on the start menu really shouldn't be shut down as this was entirely the reverse of common sense and all existing menus. The All Programs folder would have been at the top and Shutdown/Exit at the bottom which also made a lot more sense.

  24. Doctor Syntax Silver badge

    Re: Finally, a reason to move the task bar

    Just set the task bar to autohide.

  25. Mage Silver badge

    Re: Finally, a reason to move the task bar

    Top of screen makes most sense. I have my programs menu and running applications panel there on autohide and autowidth. Less easily triggered visible as it's near title bars. I have autohide panels on the three other edges:

    Left: Local look up stuff / management (Calibre, Control panel, Filemanager)

    Right: Remote stuff (FTP/SFTP, Browsers, email, Ssh, chat etc)

    Bottom: Like applications, it has status (CPU, Keyboard state, Network state, USB manager, Bluetooth etc).

    Easy to do on Mint + Mate and save for all users. Windows has become horrible with its pinning and unreadable flat icons and poor customisation, like back to Windows 1.0 and 2.0. The 3.11 was better, you could even make a desktop window like a pinned taskbar menu!

  26. Anonymous Coward
    Facepalm

    Re: Finally, a reason to move the task bar

    Or Microsoft could fix their mess and not allow windows to be hidden behind the taskbar.

  27. Spanners Silver badge
    Happy

    Re: Finally, a reason to move the task bar

    As we are getting wider/narrower screens all the time, the best place for me is at the side in some of the waste space that I now have. I prefer it on the left for the same reason that I prefer to drive there - I'm mostly right handed. YMMV on that.

  28. d3vy Silver badge

    Re: Finally, a reason to move the task bar

    "Just 20 years after Microsoft gave us the capability, at last there's a reason to do it.

    Unfortunately it would mean relearning 20 years' worth of muscle memory and habit - but hey, nothing's for free, right?"

    I have mine set to auto hide anyway * , no changes to muscle memory needed as when the mouse moves down it's there.

    * I don't like the clutter!

  29. 404 Silver badge
    Joke

    Re: Finally, a reason to move the task bar

    My taskbars have been up top for many years now because... you know... gravity. Machines run faster ;)

  30. ThomH Silver badge

    Re: Finally, a reason to move the task bar

    The apocryphal version I heard was that there were no Windows 3.1 apps that had an issue with screens being different sizes, there were some that had issues with the origin of the user-interactable area not being (0, 0), and the coordinate system was a shared and exposed resource with no coherent way to offer different versions to different apps.

    So the start bar went at the bottom because there were too many significant apps that either assumed the top left was (0, 0) when maximised or had a bad habit of spawning new windows at (0, 0), no coherent way to lie to them about the coordinate system, and too many edge cases in every attempted kludge.

    But unless and until I read it on something like Raymond Chen's excellent The Old New Thing, I'll continue to take that alleged version of events with a pinch of salt.

  31. Simon Harris Silver badge

    Re: Finally, a reason to move the task bar

    "* I don't like the clutter!"

    Maybe I'm just greedy, but I auto-hide it because I want that extra 40 lines of pixels all for myself!

  32. Orv Silver badge

    Re: Finally, a reason to move the task bar

    I have the dock on the left on my Mac and my Chromebook. Never felt like the Windows taskbar functioned very well in that position, though.

  33. Dinsdale247

    Re: Finally, a reason to move the task bar

    They already tried that. It was called Windows 8 and you all complained.

  34. Anonymous Coward

    'If malvertising wasn’t bad enough as is'

    Speculators made millionaires of a lot of wannacry extortionists and hacker scumbags etc this month. Who knows, maybe they'll give up their craft???

  35. Doctor Syntax Silver badge

    Re: 'If malvertising wasn’t bad enough as is'

    "Speculators made millionaires of a lot of wannacry extortionists and hacker scumbags etc this month."

    Until that bubble bursts.

  36. Anonymous Coward

    'Until that bubble bursts.'

    The malware-writing cyber-crims have cashed out early as millionaires... (Ahead of regulation + money-laundering checks)..

  37. Anonymous Coward

    I'm old school

    Like chess-by-mail, I do the internet by correspondence.

    I am currently waiting for a ping letter...

  38. Teiwaz Silver badge

    Re: I'm old school

    "I'm old school"

    "Like chess-by-mail, I do the internet by correspondence."

    "I am currently waiting for a ping letter..."

    Read that as Cheese by mail

    ...If it sounds like a good idea, I've got dibs...*

    'How are we on tilsit, red leicester, Venezuelan beavers cheese'...

    * Yes, the website will be playing bouzouki music

  39. redpawn Silver badge

    Re: I'm old school

    With Spectrum internet they do a good job of simulating this.

  40. Kiwi
    Unhappy

    Re: I'm old school

    "Like chess-by-mail, I do the internet by correspondence."

    "I am currently waiting for a ping letter..."

    Most of the time lately my current feed is like that, but with an electric typewriter attached.

  41. Frumious Bandersnatch Silver badge

    continuations...

    Hello, lambda calculus ...

    (I wonder will this curry favour with the readers?)

  42. bombastic bob Silver badge
    Joke

    Re: continuations...

    "I wonder will this curry favour with the readers?"

    lambda curry, and the enjoyable smells afterwards (give it an hour or so if it's properly spiced)

  43. Forget It
    Coat

    Firefox remedy via addon (WE)

    https://poperblocker.com/firefox/

  44. Anonymous Coward

    NoScript helps here, but be careful. Some of these popups are actually gates, meaning blocking them means you can't proceed.

    Also, I'm not too pleased with the script requirements for that homepage. For a site that touts protecting privacy, they don't adhere to privacy-protecting KISS principles.

  45. Anonymous Coward

    We pay nothing for no-script and it's bloody invaluable. Let them hawk some stupid pc performance boost Ads if they want, got to make a living somehow...

  46. Charles 9 Silver badge

    Not talking NoScript. They actually keep things simple. It's the Poper Blocker homepage I'm complaining about. And by my philosophy, if you can't get by without begging, you're in the wrong line of business.

  47. Mage Silver badge

    popups are actually gates,

    "Some of these popups are actually gates, meaning blocking them means you can't proceed."

    GOOD!

    Idiots. I've not found a problem whitelisting SOME javascript domains on sites I visit regularly.

  48. Doctor Syntax Silver badge

    "We pay nothing for no-script"

    Be a good A/C and give them a donation now and again.

  49. lglethal Silver badge
    Go

    Anyone got a replacement for NoScript? The new Version for Firefox 57 is atrocious and totally user unfriendly. Until they get it back to the ease of use of the old one, I need to find something else...

  50. Anonymous Coward

    @ lglethal

    You could trade off the new features of 57 for an older version where extensions still work properly.

    It's a trade off in using old version (where all your plugins happily work) vs. not having latest version & so not all security related patches. An awkward call, I prefer older version as I have more control over the browser (& when a must have security patch appears I'll switch to a Firefox fork that supports old style extensions but has security patches). I'm loyal to my "must have" extension functionality rather than any particular browser


Biting the hand that feeds IT © 1998–2018