Hey girl, what's that behind your Windows task bar? Looks like a hidden crypto-miner...

Miscreants have found a way to continue running cryptocurrency-crafting JavaScript on Windows PCs even after netizens browse away from the webpage hosting the code. Researcher Jerome Segura of Malwarebytes said on Wednesday his team discovered scumbags had written some custom code to keep Coinhive's freely available in-browser …


              1. lglethal Silver badge

                Unfortunately, I have noticed the speed gain in 57. Maybe it's not huge but the fact that it is noticeable at all says quite a lot. So I'm reluctant to go back to old Firefox.

                As such, I am pretty much looking for something else other than NoScript as I'm not overly confident that they will be able to turn it back into a user friendly interface. The old "trusted/untrusted/default to untrusted/temporarily allow" combination was intuitive and easy. I taught my mother to use it in 5 minutes with ease (and it has since saved me a ton of malware call-outs!). But this new version - where trusted doesn't really mean trusted it means trusted to do certain things and maybe only on https or maybe not, and untrusted does not necessarily mean untrusted and default can mean something else entirely. My mother is not going to understand why she should (for example) allow scripts, but not fetches. I'm all for giving advanced users and those who want fine grained controls to have them in the advanced options, but forcing that on everyday users. gahh...

                Sorry end rant... ;)

            1. Anonymous Coward

              uMatrix. It lacks some features (though I think a lot of those are also missing from the WebExtensions version of NoScript), but the javascript blocking is the same, in fact uMatrix had the more granular control of blocking cookies, scripts and frames before NoScript and has a much simpler interface for it.

              1. lglethal Silver badge
                I will give it a try! Cheers!

            2. J. Cook Silver badge

              uMatrix works pretty well, and allows you to be a lot more selective as to what it blocks/unblocks.

              I was pointed at it after a raging night with NoScript's refusal to remember a setting I had just put in, and haven't looked back.

      1. Mage Silver badge

        popups are actually gates,

        "Some of these popups are actually gates, meaning blocking them means you can't proceed."


        Idiots. I've not found a problem whitelisting SOME javascript domains on sites I visit regularly.

  1. Anonymous Coward

    Download Blocked -

    Saw this on SodaPDF support site when a search on their knowledge base is entered, Kaspersky to the rescue for non-US Gov users at least.

  2. Anonymous Coward

    browser popups

    At this point in time, is there still a browser left which does not redirect popup windows to tabs - either by default or at least as an option?

    It is much harder to miss a new tab suddenly popping up ...

    1. Charles 9 Silver badge

      Re: browser popups

      Most do, but there are ways around it.

  3. arctic_haze Silver badge

    Auto-hide, Sherlock!

    "Auto-hide the taskbar" is the solution. I'm not sure it's available in Windows 8 and 10 because I successfully avoided upgrades but in Windows 7 it works beautifully.

    1. Spanners Silver badge

      Re: Auto-hide, Sherlock!

      It works on Windows 10.

      There's an option "Automatically hide the taskbar in desktop mode".

      I haven't tested the button underneath for tablet mode as for tablets I use Android.

  4. Tom 7 Silver badge

    CPU monitor permanently on.

    Just make sure you can see what your CPU is doing. I occasionally get people trying to mine on my machine and the cpu monitor lets me know - and often the fans kicking in drowning out everything.

    1. Anonymous Coward

      Re: CPU monitor permanently on.

      > and often the fans kicking in drowning out everything,

      You've got some pretty unruly fans there. Are you a rock star?

  5. Terry 6 Silver badge

    Let me get this right.

    The article seems to be saying that these pop-unders are running out of sight when users close all the visible windows in the browser, but don't close the browser itself. So..... exiting the browser and not just xing the individual windows is all that is needed to be sure. Probably a good idea anyway - especially if you've been to web sites likely to have hidden nasties.

    And if the browser is still running, wouldn't it still be showing at the bottom of the screen?

    1. Neil Barnes Silver badge

      Re: Let me get this right.

      I wonder what happens in this case if you have your browser set to open all the windows open when you closed it (as I have)? I'd assume it would then re-open the offending|offensive miner.

    2. Nick Ryan Silver badge

      Re: Let me get this right.

      "Exiting the browser", as in using the File -> Close menu item, generally doesn't do anything more than close the current window. A pop up/under window is usually another instance of the browser and therefore a different process which is unaffected by closing a different instance to it. Closing a window will close all the tabs in it - although Microsoft are doing their level best to break this standard as much as possible in IE/edge of course.

      Yes, the symptom will be that you have no visible browser windows open however you may notice one in the OS's task bar. Some OSes, such as Windows Vista and 7, particularly in non-aero mode, make noticing whether or not an application is running or if it's just a launch icon very difficult. An application usually has to register a window with the OS's shell user interface in order to show as a switchable task, as a result it is relatively easy to hide a running task entirely - this does vary between OS shells though.

      1. Anonymous Coward

        Re: Let me get this right.

        > "Exiting the browser", as in using the File -> Close menu item, generally doesn't do anything more than close the current window.

        Which platform? Mine has File > Close Tab (Ctrl+W), File > Close Window (Shift+Ctrl+W) and File > Quit (Ctrl+Q) so there should be no confusion, apart from Ctrl+W and Ctrl+Q being inconveniently close together on a QWERTY keyboard.

    3. Mage Silver badge

      Re: Let me get this right.

      Exiting browser can leave the browser running nowadays, sadly.

  6. tin 2

    Finally, an argument for...

    Setting my taskbar to windows 95 style icon+text and one for each window. Never got on with this stacking lark in win 7 so I restore it to old-school every time. New mysterious windows are VERY visible then.

    1. Neil Barnes Silver badge

      Re: Finally, an argument for...

      I am not alone! One window, one icon+text.

      1. tin 2

        Re: Finally, an argument for...

        Yeahhhs! Let us rejoice in our refusenik-ness!

      2. Anonymous Coward

        Re: Finally, an argument for...

        > I am not alone! One window, one icon+text.

        Definitely not alone! Plenty of people still run one program at a time. >:)

  7. Anonymous Coward


    Wish there was a way to redirect the script so it runs on their server and see how they like it.

    1. d3vy Silver badge

      Re: Redirect

      "Wish there was a way to redirect the script so it runs on their server and see how they like it."

      To be fair when it's done properly and with the users permission instead of ads it's pretty good, the users don't get distracted by ads and the site owner still gets some income.

      The issue is when the site has been compromised and the site owner is not aware that it is happening, in that case your suggestion hardly seems fair as the server would just belong to a completely innocent party.

  8. Anonymous Coward

    Complete popup-blocker for Chrome users:

    Catches all the various JavaScript tricks and so on used to try to get around the default blocking.

  9. John Robson Silver badge

    All Browsers?

    Will it work with Links?

    Or should I carry on browsing in a nice readable way?

  10. RyokuMas Silver badge

    Business model?

    This is probably going to get me downvoted to hell, but I just want to explore the idea...

    We're all sick of adverts on our websites. We all hate ads and the free-to-play model in our mobile apps and games. But the fact remains that devs, hosting, content providers and all the other resources do need to be paid for, which leads us to where we are now.

    What if on a website, alongside the "this site drops cookies" message, there is another notification, something like "this site needs to pay its way, so rather than put up a paywall or bombard you with ads, 10% of your processing power will be used to mine crypto - using the site means you agree to this". Or a similar message on the start screen of an app, with the possibility of increasing CPU allocation used for mining in place of currency-based in-app purchases.

    What if someone tried to use this as a legitimate business model? Rather than having to hide behind pop-under windows, be up-front and say "hey, we're doing this so you don't have to pay or deal with crappy ads!"

    Colour me curious...

    1. Patched Out

      Re: Business model?

      This is exactly the purported reason for coinhive in the first place. However, the developers naively did not consider that it would be abused by every malware miscreant on the planet.

      They no longer support coinhive and now have a fork that will not run without user authorization, but the genie has been let out of the bottle, the horse has left the barn, the chickens have flown the coop, Pandora's box has been opened, etc.

      1. Seajay#

        Re: Business model?

        The better model I think (and it's one which is heavily promoted by CoinHive) is mining as a captcha replacement. Go to sign up for a free site and instead of saying "click to prove you are not a robot" it says "click here to mine a tiny amount for us, if you're a robot that's fine, we're still getting paid."

    2. Patrician

      Re: Business model?

      I would immediately close the browser window and never go back to that site.

      1. Kiwi Silver badge

        Re: Business model?

        "I would immediately close the browser window and never go back to that site."

        Problem is, one day you may not have a choice but to never go back to that site, or many others.

        Advertising kinda works, but as more and more people get sick of ads and find blockers, advertising gets less effective.

        Hosting sites costs money, although widespread fibre is making home based hosting faster - but there are significant security considerations.

        As advertising dies (Yay!) there'll have to be other ways for sites to pay their way. Some will use paywalls, some will use donations, many will disappear. We may soon find a situation where much of the web requires some form of payment to proceed.

        I'd love it if El Reg were to do something like this, and a few other sites I like. I'd happily keep a tab open for each, let them mine to their heart's content (well, as much CPU as they can get from me anyway).

  11. Horridbloke

    Next step

    All the cryptomining perps have to do in the next round is give the mark a compelling reason to leave the window open. Social Media? Stock Monitor? Hugely clever customisable notification solution? Or perhaps the next big thing that makes absolutely no sense to anyone over forty?

    It's another arms race.

    1. Seajay#

      Re: Next step

      If they do that (and make it clear that's what they're doing) then it's absolutely fine.

      If they're providing me with something of so much value that I want to leave it open all the time, it's perfectly reasonable that I should provide them with a bit of mining time. The current situation is a problem because a domain squatter whose site I don't actually want to see at all might be able to trick me into mining for him.

  12. CrysTalK

    Block js.miners via hosts file on your router or OS

    On Linux OS or routers powered by Linux OS just edit: /etc/hosts

    If on Windows then just edit: windows\****\drivers\etc\hosts

    Restart your machine after applying changes on your hosts file.

    You're welcome.
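
The hosts-file approach from the comment above, as an added example that is not part of the original post: it appends sink-hole entries only when the hostname is not already listed, matching whole hostnames rather than substrings. The hostnames are placeholders and the function names `host_is_listed` and `block_hosts` are hypothetical.

```shell
#!/bin/sh
# Added example: idempotently sink-hole a list of hostnames in a hosts file.
# The hostnames are placeholders (reserved .example names), not real miner
# domains; substitute the entries from a blocklist you trust.
MINER_HOSTS="miner.example ws.miner.example pool.miner.example"

# host_is_listed FILE HOST -> exit 0 if HOST is a whole hostname field on a
# non-comment line, so "miner.example" does not match "notminer.example"
# or a commented-out entry. Hostnames compare case-insensitively.
host_is_listed() {
    awk -v h="$2" '
        { sub(/#.*/, "") }    # drop comments; awk re-splits the fields
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(h)) found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# block_hosts FILE HOST... -> appends "0.0.0.0 HOST" for each HOST that is
# not already present and prints the number of entries added.
block_hosts() {
    file=$1; shift
    added=0
    # If the file does not end in a newline, add one so the first new
    # entry is not glued onto the last existing line.
    if [ -n "$(tail -c1 "$file")" ]; then
        echo >> "$file"
    fi
    for host in "$@"; do
        if ! host_is_listed "$file" "$host"; then
            printf '0.0.0.0 %s\n' "$host" >> "$file"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Usage (with write access to the real file):
#   block_hosts /etc/hosts $MINER_HOSTS
```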

    1. Anonymous Noel Coward

      Re: Block js.miners via hosts file on your router or OS

      Uh, I'm pretty sure you don't need to restart your machine after updating the HOSTS file...

    2. Charles 9 Silver badge

      Re: Block js.miners via hosts file on your router or OS

      Many of us can't access the HOSTS file (computers that aren't ours tend to restrict access for obvious reasons). And what about mobile devices you don't want to root?

  13. Anonymous Coward

    I might have misunderstood

    But don't a lot of people change windows by pressing alt-tab? I never really do it any other way. Wouldn't that bring up the unknown window?

  14. nikos

    why bother hiding under the taskbar and not just send the window outside the monitor?

    1. Nick Ryan Silver badge

      Not all OS shells allow windows outside of the monitor display area, for good reasons such as this.

  15. Anonymous Coward

    ways to catch offender

    From TFA: " and the Windows taskbar will show that the browser is still running after all windows have been closed."

    Sooo, Firefox acting as it always does? Thanks.

  16. david 12 Bronze badge

    Say no to small windows.

    Can't think of a reason why my browser should allow sites to open windows small enough to hide on the desktop. Can't think of a GOOD reason why it should allow new windows at all -- it's always advertising.

    1. Anonymous Coward

      Re: Say no to small windows.

      Ancient shitty websites (like the HR one we have where I work (hence AC)) will pop up a calendar in a new tiny window when you try to select a date. So there are some reasons to allow it. Disallowing that behaviour would break a lot of old sites, even if those old sites were standards compliant, so browsers can't really do it, certainly not by default.

  17. el_oscuro

    How does this even work?

    Every browser I have used in the last decade has had a pop-up blocker enabled by default. I have seen sites that get around this by implementing a pop-up within the same window, but that is not what this is. I don't really use IE anymore, but it has a pop-up blocker too. Is it not enabled by default?

  18. Dinsdale247

    HTTP 2 To The Rescue

    Don't worry guys HTTP 2 will fix this. There will be no way for someone to know what is running in the browser (hello binary) and no way to block things that are listed as mandatory. Now these pesky users can't turn off your crypto miners at all.

    I love technology. It's not paranoia when everyone really is out to get you.

  19. Anonymous Coward

    Aren't popups disabled by default?

    I haven't installed a new browser in a while. One without an accompanying user.js for even longer.

    But I had the impression that popups were disabled by default these days and you had to give explicit permission if you wanted a site to show one? I take it that's not the case?

