The exploit relies on a smart pop-under trick. Code on the website determines your monitor’s resolution and places a ghost browser session sitting behind the clock on the MS Windows task bar, where it continues to mine cryptocurrency, utilizing a portion of your CPU’s power and resources.
The impact on your system’s performance is nominal, so only the most observant users will notice anything amiss.
According to Malwarebytes researcher Jerome Segura, “This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself. Closing the browser using the “X” is no longer sufficient. The more technical users will want to run Task Manager to ensure there is no remnant running browser processes and terminate them. Alternatively, the taskbar will show the browser’s icon with slight highlighting, indicating that it is still running.”
It’s worth noting that there are a couple of other ways you can determine whether some portion of your system’s resources are being coopted in this manner. Restarting your system will certainly do the trick, and if you have your taskbar set to transparent, you’ll be able to see the pop-under quite clearly. Also, resizing or relocating the task bar will reveal the hidden browser window.
This is but the latest chapter in the ongoing battle between hackers and unscrupulous website owners and the makers of adblocking and other types of security software. In time, ad blocking software will be modified to catch this type of exploit, and in response, the owners of malicious websites will change their approach and find a new way to get around various detection schemes. As ever, while software can certainly help, vigilance remains the best defense.