Using the Chrome Task Manager to Find In-Browser Miners

LASER_oneXM

source (bleepingcomputer.com): Using the Chrome Task Manager to Find In-Browser Miners

The use of browsers to mine for digital currency is becoming a major problem. With more and more sites incorporating in-browser mining scripts such as CoinHive and web extensions injecting them into web pages, people will continue to be affected by this attack.

When a browser is used for in-browser mining, the computer's CPU will be used to mine for digital currency such as Monero. This causes your CPU to run at high temperatures for extended periods of time, which could cause damage to the CPU.

Unfortunately, you may not even notice that your browser and computer are being used this way until your computer becomes slower, starts to freeze, or even shuts down from overheating. If you went into the Windows task manager, you may notice that Chrome is using an unusual amount of the CPU.


While this indicates that Chrome is acting strange, it does not provide any information to determine what extension or tab is utilizing all of the CPU in Chrome. Thankfully, Chrome includes a little-used tool called the Chrome Task Manager that makes it easy to track down the site or extension that is using a lot of CPU and possibly an in-browser miner.


Detecting sites using too much CPU
If Chrome is using too much CPU, we need to determine if it's a site causing the utilization or an extension. In our example, we are using a test site created by https://badpackets.net that starts the in-browser CoinHive miner. This causes Chrome to use upwards of 90% of the CPU.

To check what site is utilizing too much CPU, we can open the Chrome Task Manager by using the Shift+ESC keyboard combination or open it from the Chrome menu, then More Tools, and then Chrome Task Manager.

When the Chrome Task Manager opens, you will see a list of processes and how much CPU each is using. For each site, extension, internal process, and subframe that is open, a new process will be listed.

[Image: chrome-task-manager-test-site.jpg. Caption: Site loaded miner]

You can then search through the list of processes to determine which one is using up the CPU power. As you can see from the image above, the tab titled Phone Killer is the one that is using over 92% of the computer's CPU.

To close this tab, simply click on it once to select it and then click on the End Process button. Once this tab is closed, your computer should go back to running normally and it would be a good idea to avoid that site in the future.

Protecting yourself from In-Browser Miners
Miners are becoming an epidemic and in-browser mining is only going to get worse. Therefore, it is important that all users protect themselves by installing antivirus software that detects when a browser connects to known mining services such as CoinHive.

Unfortunately, new services keep popping up and it has become a game of whack-a-mole for the security industry. Therefore, your installed software may not detect the URL or scripts associated with a new in-browser miner.

To add further protection, you can use an adblocker with Chrome, which will block in-browser mining scripts. For those looking for a more granular approach, you can use the CoinBlockerLists site to download lists of IP addresses and domains affiliated with in-browser mining.
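
As an added example (not part of the original post or the quoted article), here is one way to use a downloaded domain blocklist for detection rather than only blocking: match DNS lookups against it to see which machine reached a mining domain. The hosts-style list format, the log layout, and every domain and address below are constructed assumptions.

```python
# Constructed hosts-style blocklist; placeholder domains, not real list entries.
SAMPLE_BLOCKLIST = """\
# constructed sample
0.0.0.0 miner.example
0.0.0.0 pool.mining.example
plain-domain.example
"""

# Constructed DNS query log lines: "<time> <client> <queried name>"
SAMPLE_LOG = """\
10:00:02 192.0.2.10 ws001.miner.example
10:00:03 192.0.2.11 POOL.MINING.EXAMPLE.
10:00:04 192.0.2.12 notminer.example
10:00:05 192.0.2.12 mining.example
"""

def load_blocklist(text):
    """Return blocked domains from hosts-style or one-domain-per-line text."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if line:
            # "<ip> <domain>" or just "<domain>": the domain is the last field.
            domains.add(line.split()[-1].lower().rstrip("."))
    return domains

def blocked_parent(name, blocklist):
    """Return the list entry covering `name` (itself or a parent), else None."""
    labels = name.lower().rstrip(".").split(".")
    # Compare whole labels so "notminer.example" does not match "miner.example".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def find_hits(log_text, blocklist):
    """Return (client, queried name, matched entry) for each blocked lookup."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        match = blocked_parent(parts[2], blocklist)
        if match:
            hits.append((parts[1], parts[2], match))
    return hits

if __name__ == "__main__":
    print(find_hits(SAMPLE_LOG, load_blocklist(SAMPLE_BLOCKLIST)))
```
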
 