Cryptojacking, a type of cyber attack in which an attacker hijacks a target’s processing power to mine cryptocurrency on the attacker’s behalf. Researchers from Fudan University, Tsinghua University and the University of California Riverside have published the first systematic study about cryptojacking in the real world called as “How You Get Shot in the Back”. This study has revealed growing sophistication in the malicious mining of Cryptocurrency, as reported by Bitcoin Magazine.
In this study, researchers have studied various characteristics of cryptojacking scripts. They built CMTracker, a behavior-based detector with two runtime profilers for automatically tracking Cryptocurrency Mining scripts and their parallel domains.
They found 2,770 uncommon cryptojacking samples from 853,936 popular web pages, including 868 among top 100K in Alexa list. By using these samples they gained a more clear picture of the attacks, including their impact, distribution mechanisms, obfuscation, and attempts to avoid detection. They further found that a different set of companies benefit from this activity because of the unique wallet ids. Not only this, to stay under the radar, they also update their attack domains.
Cryptojacking and CMTracker Design
Researchers designed and implemented a detector called CMTracker to identify this attack. After that, they crawled Alexa’s top 100K websites and found 2,770 cryptojacking pages. They calculated the damage of cryptojacking, displaying that it costs more than 278K kWh extra power daily, and hackers are earning at least 59K US dollars daily. They analyzed different aspects of the attack domains and the behaviors of scripts.
As reported by CryptoTicker, in the month of June 2018, the cybersecurity company McAfee had disclosed that thousands of websites worldwide have fallen prey to a cryptojacking malware that forces their visitors’ computers to mine cryptocurrency without them knowing when browsing the site. Hackers have extended their activity into the area of cryptojacking, the infection of user systems for the purpose of hijacking and using them to mine for cryptocurrencies. The coin miner malware grew by 629% to more than 2.9 million known samples in Q1 2018 from almost 400,000 samples in Q4 2017.
The CMTracker detected 2,770 cryptojacking websites that affect 10 million web users per month. The cryptojacking workloads cost more than 278K kWh extra power daily, the equivalent of the energy consumption of a small town with 9.3K people. Attackers are earning more than 59K US dollars daily. Researchers also concluded that different malicious domains are used in collaboration with each other. The cryptojacking pages swiftly alter their domains, causing the current blacklist-based solutions ineffective.
Researchers obtained following findings :
- Most malicious miners are not centrally controlled.
- Mining services and advertisers facilitate most cryptojacking websites.
- A significant number of attackers benefit from abusing cryptocurrency mining services.
- The malicious samples disappear or update frequently.
- State-of-the-art mitigations, for example, blacklists, are insufficiently to locate cryptojacking in time.
- Evasion techniques are effective against antivirus engines.
The researchers further concluded that
We estimate the real-world damage of this threat to over 10 million web users and 278K kWh extra power daily, equivalent of the energy consumption of a small town with 9.3k people. We measure the organization, life cycle, and technical details of cryptojacking webpages. Our results show that a significant number of attackers benefit from such attacks, and existing mitigation solutions are ineffective in blocking cryptojacking.
They also found that some cryptocurrency mining services, such as Coinhive, are abused to insert cryptojacking in large scale and cryptocurrency mining services have not paid enough attention to avoid abuses.
Trading Bitcoin is too complicated?
We highly recommend our Crypto-Starter-Kit to you!
Follow us on Social Media and subscribe to our free crypto newsletter!
Diskutiere mit uns!
This post may contain promotional links that help us fund the site. When you click on the links, we receive a commission - but the prices do not change for you! :)
Disclaimer: The authors of this website may have invested in crypto currencies themselves. They are not financial advisors and only express their opinions. Anyone considering investing in crypto currencies should be well informed about these high-risk assets.
Trading with financial products, especially with CFDs involves a high level of risk and is therefore not suitable for security-conscious investors. CFDs are complex instruments and carry a high risk of losing money quickly through leverage. Be aware that most private Investors lose money, if they decide to trade CFDs. Any type of trading and speculation in financial products that can produce an unusually high return is also associated with increased risk to lose money. Note that past gains are no guarantee of positive results in the future.