Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

Piracy: Drive-By Cryptocurrency Miners Get More Persistent


Len

Recommended Posts

There have been plenty of stories recently about websites, often connected to content piracy and other dodgy activities, running background software that harnesses your computer's resources to mine cryptocurrency wile you're on their site. But, once you close the browser window, the CPU thieves lost access to your processor and associated resources. Malwarebytes has found that some have resorted to a clever trick to keep mining for cryptocurrency even when you've closed the offending browser window.

According to the blog published by Malwarebytes, the crypto-miners open a hidden browser window that sits behind the Task Bar and clock on your computer, hidden from view but still siphoning CPU cycles and power from your computer.

Malwarebytes says the windows is placed at a horizontal position of –100 pixels of your current screen x resolution and a vertical position of -40 pixels of the current screen y resolution. In other words, well out of view but still active.

The technique is able to bypass most ad-blockers and runs from a crypto-mining engine hosted by AWS - who I assume will take action to block them once they are fully aware of what's going on. At least I hope that's the case.

As far as stoping this, Malwarebytes says it's not easy as the technique used is able to bypass most normal protections. If you suspect your CPU is running a little harder than usual (there are utilities for putting CPU usage in a more visible place than the Windows Task Manager), take a look for any browser windows that shouldn't be there and kill them.

The blog entry also notes some IP addresses and sites that seem to be associated with this technique. They are
 

  • 145.239.64.86,yourporn[.]sexy,Adult site
  • 54.239.168.149,elthamely[.]com,Ad Maven popunder
  • 52.85.182.32,d3iz6lralvg77g[.]cloudfront.net,Advertiser's launchpad
  • 54.209.216.237,hatevery[.]info,Cryptomining site
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Check out what our members are saying

  • Our picks

×
×
  • Create New...