By Shawn Pope
Towards the end of 2017, browser-based cryptocurrency mining activity increased significantly. In fact, we saw browser-based cryptocurrency miners hidden inside big-name websites, such as Showtime, Politifact, and Pirate Bay, with the intent to generate revenue at the user’s expense. We saw this method used previously, around the inception of Bitcoin, but it faded away once the large amount of processing power needed to mine Bitcoin was no longer obtainable this way. Fast forward to today and we see Bitcoin prices at an all-time high at 137 billion dollars. It was only a matter of time until this method of mining made a comeback.
Since Bitcoin mining still requires a large amount of processing power, browser-based miners have started mining something easier: Monero. Monero (XMR) is a newer privacy-focused cryptocurrency that is popular for this type of deployment since its mining operation is optimized for PCs rather than the specialized ASIC miners used in Bitcoin mining operations.
We are starting to see legitimate browser extensions already packaged with miners. A Google Chrome extension, called Archive Poster, was recently found mining cryptocurrency on unsuspecting users’ PCs. It is one of many cryptojacking attacks, where hackers have hijacked PCs through compromised web servers and applications to mine cryptocurrency for themselves.
Unfortunately, we’re seeing more cryptojacking incidents occur. Hackers are sneaking mining components onto websites and stealing cryptocurrency off the website’s traffic. We also believe that this is a practice that will continue to evolve.
Where is this headed?
We can only expect this activity to increase this year, and we’re predicting that we will also see traditional malware evasion techniques implemented in browser mining. The payout from this activity isn’t going to be as high as something like ransomware, but the sheer simplicity of implementing it will keep attackers interested, and they will therefore attempt to prolong it if possible.
The challenge with mining malware is that it happens in the background where users can’t see it. If someone is cryptojacking your computer, unfortunately, you won’t be able to tell, so it’s important to make sure you take the proper precautions.
Several antivirus vendors have updated their file system scan detections to identify where any browser-based mining code has been injected, enabling you to identify and remove the content. Additionally, this type of ‘attack’ requires network connectivity to reach either a cryptocurrency network or a mining pool in order to generate hashes, which allows the activity to be detected and blocked at a firewall.
Lastly, it’s important to block this activity, which can be done via UTM features, such as Web Categorization filtering. Sites that are known to drop these miners can be added to a blacklist or may be reclassified as malicious by your firewall vendor.
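One way to run such a blacklist over existing web proxy logs to find clients that already reached miner hosts, as an added example that is not part of the original article. The log format, the host names (placeholders under the reserved .example domain) and the function names are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed blocklist: placeholder hosts under the reserved .example TLD.
# In practice this list comes from your firewall vendor's category feed.
MINER_HOSTS = {"miner-pool.example", "ws.coinscript.example"}

# Constructed proxy log lines: "<timestamp> <client-ip> <method> <url>"
SAMPLE_LOG = """\
2018-01-15T09:00:01Z 10.0.0.21 GET https://news.example/index.html
2018-01-15T09:00:02Z 10.0.0.21 GET https://cdn.miner-pool.example/lib/miner.min.js
2018-01-15T09:00:03Z 10.0.0.21 GET wss://WS.coinscript.example.:443/proxy
2018-01-15T09:00:04Z 10.0.0.35 GET https://notminer-pool.example/about
2018-01-15T09:00:05Z 10.0.0.35 GET https://miner-pool.example.other.example/x
malformed line
"""


def is_blocked(host, blocklist=MINER_HOSTS):
    """True if host equals a blocklisted name or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare right-hand suffixes on label boundaries only, so that
    # "notminer-pool.example" does not match "miner-pool.example".
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def find_miner_traffic(log_text, blocklist=MINER_HOSTS):
    """Return {client_ip: [blocked hosts]} for requests to blocklisted hosts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, _, url = parts
        host = urlsplit(url).hostname  # lowercased, port removed
        if host and is_blocked(host, blocklist):
            hits[client].append(host.rstrip("."))
    return dict(hits)


if __name__ == "__main__":
    for client, hosts in find_miner_traffic(SAMPLE_LOG).items():
        print(client, "->", ", ".join(hosts))
```

Matching on whole DNS labels catches subdomains of a listed host while avoiding false positives on look-alike names and on hosts that merely contain a listed name on the left.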
About the Author
Shawn Pope is a Security Analyst at Nuspire Networks, a state-of-the-science managed network security provider for some of the largest and most distinctive companies across the world. For more information, visit www.Nuspire.com