Browser-based Cryptocurrency Miners

By Shawn Pope

Towards the end of 2017, browser-based cryptocurrency mining activity increased significantly. In fact, we saw browser-based cryptocurrency miners hidden inside big-name websites, such as Showtime, Politifact, and Pirate Bay, with the intent to generate revenue at the user’s expense. We saw this method used previously around the inception of Bitcoin, but it faded away once the large amount of processing power needed to mine Bitcoin was no longer obtainable this way. Fast forward to today and we see Bitcoin prices at an all-time high at 137 billion dollars. It was only a matter of time until this method of mining made a comeback.

Since Bitcoin mining still requires a large amount of processing power, browser-based miners have started mining something easier: Monero. Monero (XMR) is a newer privacy-focused cryptocurrency that is popular for this type of deployment because its mining operation is optimized for PCs rather than the specialized ASIC miners used in Bitcoin mining operations.

Coinhive

The front-runner among these controversial browser-based miners is Coinhive. It provides a simple, easy-to-use package that website owners can add to their website code. When users access the site, the Coinhive JavaScript library executes and mines for the site owner using the user’s resources. However, what started out as a tool that lets you mine Monero with your browser has turned into another technology abused by malware developers.

Cryptojacking

We are starting to see legitimate browser extensions already packaged with miners. A Google Chrome extension called Archive Poster was recently found mining cryptocurrency on unsuspecting users’ PCs. It is one of many cryptojacking attacks, in which hackers have hijacked PCs through compromised web servers and applications to mine cryptocurrency for themselves.

Unfortunately, we’re seeing more cryptojacking incidents occur. Hackers are sneaking mining components onto websites and stealing cryptocurrency off the website’s traffic. We also believe that this is a practice that will continue to evolve.

Where is this headed?

We can only expect this activity to increase this year, and we’re predicting that we will also see traditional malware evasion techniques implemented in browser mining. The payout from this activity isn’t going to be as high as something like ransomware, but the sheer simplicity of implementing it will keep attackers interested, and they will therefore attempt to prolong it if possible.

Stay secure

The challenge with mining malware is that it happens in the background where users can’t see it. If someone is cryptojacking your computer, unfortunately, you won’t be able to tell, so it’s important to make sure you take the proper precautions.

Several anti-virus vendors have updated their file system scan detections to identify where any browser-based mining code has been injected, enabling you to identify and remove the content. Additionally, this type of ‘attack’ requires network connectivity to reach either a cryptocurrency network or a mining pool to generate hashes, so the activity can be detected and blocked at a firewall.

Lastly, it’s important to block this activity, which can be done via UTM features, such as Web Categorization filtering. Sites that are known to drop these miners can be added to a blacklist or may be reclassified as malicious by your firewall vendor.
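For site owners who want to check their own pages for an injected miner, the sketch below is an added example (not Nuspire's or any vendor's detection logic) that parses served HTML and flags Coinhive script includes and miner start-up calls. The blocklist contents, function names and sample pages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed blocklist: coinhive.com is the service the article names; extend as needed.
MINER_HOSTS = {"coinhive.com"}
# Constructors exposed by the Coinhive library.
MINER_CALL = re.compile(r"\bCoinHive\s*\.\s*(?:Anonymous|User)\s*\(", re.I)

class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src.strip())

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)

def find_miner_indicators(html):
    """Return (kind, detail) findings for miner includes or start-up calls."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.srcs:
        host = urlsplit(src).hostname or ""  # covers //host/... and mixed case
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            findings.append(("script-src", src))
    for body in parser.inline:
        match = MINER_CALL.search(body)
        if match:
            findings.append(("inline-call", match.group(0)))
    return findings

# Constructed sample pages, not taken from any real site.
INFECTED = ('<html><script src="//CoinHive.com/lib/coinhive.min.js"></script>\n'
            "<script>var m = new CoinHive.Anonymous('SITE_KEY'); m.start();</script></html>")
CLEAN = '<html><script src="/static/app.js"></script><script>init();</script></html>'
```

Matching on the parsed hostname rather than a substring avoids flagging look-alike domains, and the inline check still fires when the library is self-hosted under a different URL.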

About the Author

Shawn Pope is a Security Analyst at Nuspire Networks, a state-of-the-science managed network security provider for some of the largest and most distinctive companies across the world. For more information, visit www.Nuspire.com