A First Look at Browser-Based Cryptojacking

@article{Eskandari2018AFL,
  title={A First Look at Browser-Based Cryptojacking},
  author={Shayan Eskandari and Andreas Leoutsarakos and Troy Mursch and Jeremy Clark},
  journal={2018 IEEE European Symposium on Security and Privacy Workshops (EuroS\&PW)},
  year={2018},
  pages={58-66}
}
In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar codebases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency—typically without her consent or knowledge—and pays out the seigniorage to the website. Websites may consciously employ this as an alternative or to supplement advertisement revenue, may…

Thieves in the Browser: Web-based Cryptojacking in the Wild

This paper proposes a 3-phase analysis approach, which makes it possible to identify mining scripts and conduct a large-scale study on the prevalence of cryptojacking in the Alexa 1 million websites, and finds that cryptojacking is common, with currently 1 out of 500 sites hosting a mining script.

Web-based Cryptojacking in the Wild

This paper proposes a 3-phase analysis approach, which makes it possible to identify mining scripts and conduct a large-scale study on the prevalence of cryptojacking in the Alexa 1 million websites, and finds that cryptojacking is common, with currently 1 out of 500 sites hosting a mining script.

End-to-End Analysis of In-Browser Cryptojacking

A statically and dynamically analyzed model is built that examines the feasibility of cryptojacking as an alternative to online advertisement, and shows a huge negative profit/loss gap, suggesting that the model is impractical.

On legitimate mining of cryptocurrency in the browser - a feasibility study

This is the first feasibility study of browser mining as a legitimate means of monetisation in terms of revenue, user consent and user experience within a specially built website and finds browser mining to be a legitimate alternative to display advertisement.

Browser-Based Deep Behavioral Detection of Web Cryptomining with CoinSpy

It is argued why CoinSpy is the most robust defense against current and future cryptojacking attacks as compared to recent work, and it is shown that it can detect various cryptojacking campaigns with 97% accuracy.

Just the Tip of the Iceberg: Internet-Scale Exploitation of Routers for Cryptojacking

The results show that cryptojacking through MITM attacks is highly lucrative, a factor of 30 more than previous attack vectors.

MineThrottle: Defending against Wasm In-Browser Cryptojacking

MineThrottle is proposed, a browser-based defense mechanism against Wasm cryptojacking, which instruments Wasm code on the fly to detect mining behavior using block-level program profiling and throttles drive-by mining behavior based on a user-configurable policy.

MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense

A comprehensive analysis on Alexa's Top 1 Million websites to shed light on the prevalence and profitability of drive-by mining, and presents MineSweeper, a novel detection technique that is based on the intrinsic characteristics of cryptomining code, and, thus, is resilient to obfuscation.

MANiC: Multi-step Assessment for Crypto-miners

MANiC (Multi-step AssessmeNt for Crypto-miners), a system to detect CryptoJacking websites that uses regular expressions that are compiled in accordance with the API structure of different miner families, demonstrates favourable results when used to analyse the Alexa top 1m websites.

Dine and Dash: Static, Dynamic, and Economic Analysis of In-Browser Cryptojacking

An analytical model is built to empirically evaluate the feasibility of cryptojacking as an alternative to online advertisement and shows a large negative profit and loss gap, indicating that the model is economically impractical.

References

A Search Engine Backed by Internet-Wide Scanning

Censys is introduced, a public search engine and data processing facility backed by data collected from ongoing Internet-wide scans that can identify specific vulnerable devices and networks and generate statistical reports on broad usage patterns and trends.

An Empirical Analysis of Traceability in the Monero Blockchain

It is found that after removing mining pool activity, there remains a large amount of potentially privacy-sensitive transactions that are affected by these weaknesses in Monero's mixin sampling strategy and two countermeasures are proposed and evaluated that can improve the privacy of future transactions.

Bitcoin and Cryptocurrency Technologies - A Comprehensive Introduction

The history and development of Bitcoin and cryptocurrencies are traced, and the conceptual and practical foundations you need to engineer secure software that interacts with the Bitcoin network are given as well as to integrate ideas from Bitcoin into your own projects.

An Empirical Analysis of Linkability in the Monero Blockchain

This report empirically evaluates two weaknesses in Monero’s mixin sampling strategy, and proposes and evaluates a countermeasure derived from blockchain data that can improve the privacy of future transactions.

Botcoin: Monetizing Stolen Cycles

This work conducts the first comprehensive study of Bitcoin mining malware, and deduces the amount of money a number of mining botnets have made by carefully reconstructing the Bitcoin transaction records.

Crying Wolf: An Empirical Study of SSL Warning Effectiveness

A better approach may be to minimize the use of SSL warnings altogether by blocking users from making unsafe connections and eliminating warnings in benign situations.

Busting frame busting: a study of clickjacking vulnerabilities on popular sites

This work studies frame busting practices for the Alexa Top-500 sites and shows that all can be circumvented in one way or another.

Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors

This work investigates the root causes of HTTPS error warnings in the field, and finds that more than half of errors are caused by client-side or network issues instead of server misconfigurations.

On the challenges in usable security lab studies: lessons learned from replicating a study on SSL warnings

Alternatives to traditional laboratory study methodologies are proposed that can be considered by the usable security research community when investigating research questions involving sensitive data where trust may influence behavior.

Mining on Someone Else's Dime: Mitigating Covert Mining Operations in Clouds and Enterprises

Covert cryptocurrency mining operations are causing notable losses to both cloud providers and enterprises, and affected organizations have no way of detecting these covert, and at times illegal, miners and often discover the abuse when attackers have already fled and the damage is done.