Monday, November 27, 2017

Cryptojacking Brief Introduction


http://hondacostarica.com/ contains CoinHive and stealing CPU cycles
















What is cryptomining?

Cryptocurrencies are underpinned by a technology named blockchain. Blockchain is a public ledger shared amongst a network of computers and consists of all transactions that have taken place using a certain cryptocurrency. Transactions are validated and stored in the blockchain through a process called mining (cryptomining). Mining is done by certain peers of the cryptocurrency network who compete (individually or in groups) in solving a difficult mathematical problem, called proof-of-work. This problem requires significant computational power to be solved. The node or group of nodes solving the problem first gets to add the latest batch of completed transactions in the blockchain and receives a reward for the performed computation (in cryptocurrency coins). Mining requires the use of special software for solving the mathematical problem.

Coinhive: Cryptomining in the browser

In September 2017, a company introduced Coinhive, which mines the cryptocurrency Monero (XMR). Coinhive, is a piece of code written in JavaScript; website owners can simply embed it in their website. Coinhive introduced a new business model for websites. It claims that website owners can remove ads from their websites, load Coinhive instead, and while users are simply browsing the website, mine for Monero. In that way, website owners can supposedly still make profit and support their businesses, without bothering their visitors with advertisements.

When users access a website with Coinhive embedded, Coinhive initiates the process of cryptomining on behalf of the website owner by using user system resources. The visitors of a website represent the group of nodes doing the intensive computational work to solve the mathematical problem. But, instead of them receiving the reward when solving the challenge, the website owner receives it. Moreover, in cases of abuse, i.e. when cyber criminals inject the cryptomining script in compromised websites, cyber criminals receive the reward. Due to Coinhives resonance (resulting from both legitimate and illegal use cases) more software similar to Coinhive emerged.

Cryptomining abuse

The technique of hijacking browsers for mining cryptocurrency (without user consent) is called "cryptojacking. Delivering cryptocurrency miners through malware is nothing new. Yet, mining cryptocurrency when accessing a webpage is new and it has already been abused and rapidly spread. The figure below illustrates how cyber criminals abuse cryptomining scripts through cryptojacking. Cryptojacking also refers to legitimate websites that do not explicitly ask visitors consent prior to executing cryptomining scripts in their browsers, nor do they provide them the option to opt-out. 

from
https://www.enisa.europa.eu/publications/info-notes/cryptojacking-cryptomining-in-the-browser


Protection
Kasperksy or Malwarebytes AV will protect you

No comments:

Post a Comment