Article initially published in: Infosec Institute by Pedro Tavares
Recently, cryptocurrencies have been making headlines, especially because of the number of attacks that have been occurring. In technical terms, these attacks are known as “Crypto-Jacking,” or “Cryptomining.”
Cryptocurrency dates back to 2008: Satoshi Nakamoto registered the domain name bitcoin.org on August 18th, 2008. A new paradigm was born, allowing money to be transacted over the Internet in a way never seen before. As a result, it was only a matter of time before Cyber attackers explored the complexity of this distributed technology.
Crypto-jacking allows the Cyber attacker to use a web browser to harvest cryptocurrency such as Bitcoin. The user's resources, such as CPU power and electricity, are used to mine the cryptocurrency covertly.
How crypto-jacking works
Cyber attackers use techniques such as Code Injection, Cross-Site Scripting (XSS), and SQL Injection (SQLi) to add a malicious snippet of code to a target system.
The illustration below shows how this type of scheme is deployed:
Initially, the Cyber attacker adds malicious code into the target platform (such as a website, marked as 1. in the figure above). The user accesses the website via their web browser, and the server renders the web content. The malicious code is then coupled together with the website code, and the mining process commences.
Next, a piece of code that can be used to mine a cryptocurrency is illustrated below:
```html
<script>
  var miner = new CoinHive.Anonymous('YOUR_TOKEN');
  miner.start();
</script>
```
The malicious snippet is described as follows:
- The CoinHive API is set up with the Monero token.
- The miner then starts.
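One way a site owner could check served HTML for the snippet described above, as an added example that is not part of the original article: it looks for `CoinHive.Anonymous` constructed inside a real `<script>` element and reports whether `start()` is called on it. The function name `findMiners`, the sample pages and the `EXAMPLE_SITE_KEY` value are constructed for illustration.

```javascript
// Added example (not from the original article). Sample pages are constructed.
// Body of every <script> element; escaped text such as &lt;script&gt; never matches.
const SCRIPT_RE = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
// <name> = new CoinHive.Anonymous('<token>'   (any variable name or quote style)
const CTOR_RE =
  /([A-Za-z_$][\w$]*)\s*=\s*new\s+CoinHive\s*\.\s*Anonymous\s*\(\s*['"`]([^'"`]*)['"`]/g;

function findMiners(html) {
  const scripts = [...html.matchAll(SCRIPT_RE)].map((m) => m[1]);
  const allJs = scripts.join("\n"); // start() may sit in a later <script>
  const findings = [];
  scripts.forEach((body, i) => {
    for (const [, varName, token] of body.matchAll(CTOR_RE)) {
      // Escape "$" so the variable name is matched literally.
      const name = varName.replace(/[$]/g, "\\$&");
      const startRe = new RegExp("(?<![\\w$])" + name + "\\s*\\.\\s*start\\s*\\(");
      findings.push({ script: i + 1, varName, token, started: startRe.test(allJs) });
    }
  });
  return findings;
}

// Constructed sample 1: injected snippet, renamed variable, start() in another tag.
const INJECTED = `<html><body><h1>Shop</h1>
<script>window.cart = [];</script>
<script type="text/javascript">
  var  m$1 = new CoinHive . Anonymous( "EXAMPLE_SITE_KEY" );
</script>
<script>m$1.start();</script></body></html>`;

// Constructed sample 2: an article that only quotes the snippet as escaped text.
const QUOTED = `<html><body><pre>&lt;script&gt;
var miner = new CoinHive.Anonymous('YOUR_TOKEN'); miner.start();
&lt;/script&gt;</pre><script>console.log("ok");</script></body></html>`;

// Constructed sample 3: miner object created but never started.
const DORMANT = `<script>var miner = new CoinHive.Anonymous('EXAMPLE_SITE_KEY');</script>`;

for (const [label, page] of [["injected", INJECTED], ["quoted", QUOTED], ["dormant", DORMANT]]) {
  console.log(label, JSON.stringify(findMiners(page)));
}
```

The check matches only the inline pattern this article shows; a miner loaded under a different name or from an external file needs other checks.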
Advertisements and the crypto-jacking scheme
Cryptominers can be used legally when the website owner asks visitors for permission to use their processing power for mining purposes. Nonetheless, this practice becomes abusive when the Cyber attacker accesses and uses other users’ machines without permission (this becomes crypto-jacking). The Cyber attacker thus slows down the target computer by using its memory and processing power, while at the same time increasing the unsuspecting user’s electricity bills.
How much money can hackers make through such schemes?
This question does not have an absolute answer. It depends on how much traffic the website receives. According to a crypto-mining experiment conducted by Maxence Cornet, a website with approximately 1,000 visits per day and a session duration of 55 seconds yields a negative rate of return.
The experiment mined 0.00947 XMR in 60 hours. That is a total of $0.89, or $0.36 per day. In comparison, a website with the same number of daily visits that uses conventional advertising could potentially get a better rate of return than the mining approach.
It is important to note that the rise of crypto-jacking is occurring at a rapid pace. As a result, Google and Opera web-browsers have solutions in place that are currently blocking in-browser crypto-jacking.
For example, Opera developed a browser functionality to stop malicious mining. Google Chrome has also created an extension called “No Coin Available” that blocks abusive mining.
As with other security matters, it is crucial to update systems and networks so that they are not maliciously exploited.
Hardware and electricity are two of the most significant expenses for cryptocurrency miners. Using crypto-jacking, the Cyber attacker can avoid these expenses and covertly make the victims pay for them without their knowledge. Crypto-jackers can use 100% of the CPU power of the target machine. This results in overloaded CPUs and a breakdown of the entire process.
Finally, when you suspect that any website you visit may be compromised, you can verify this by entering the URL of the website on the Who is mining website. This is an up-to-date list of the websites that are currently used to mine cryptocurrency.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.