Browser-based cryptocurrency mining activity exploded in the last few months of After many years of deathly silence, the catalyst appears to be the launch of a new browser-based mining service in September by Coinhive.
Browser-based mining, as its name suggests, is a method of cryptocurrency mining that happens inside a browser and is implemented using a scripting language. This differs from the more widely known file-based cryptocurrency mining approach, which involves downloading and running a dedicated executable file.
The market for cryptocurrency was extremely limited and illiquid, meaning that even if you got some, it was not easy to turn it back into fiat currency for spending. Together with the diversity of coins to choose from inthere was also now a diversity of coin reward mechanisms.
It's against this backdrop that Coinhive released its browser-mining scripts designed to mine Monero, effectively bringing the idea of browser-based mining back from the dead. Coinhive is marketed as an alternative to browser ad revenue. The motivation behind this is simple: Users hopefully then get a cleaner, faster, and potentially less risky website (remember malvertising?). What could go wrong? Soon after the release of the Coinhive service, the hash rate for the service started to climb, and quickly too.
Hashing is the process of carrying out cryptographic hash calculations which are used to help process transactions.
Its initial attempts at browser mining were quickly spotted by users and they were not too happy about it.
So the most likely scenario is that the server was compromised either by an outsider, or even an insider. There are many reasons why browser-based mining is back with a vengeance. Unlike in previous failed attempts, recent developments in the cryptocurrency and threat landscapes have made this a much more viable activity.
Let's have a look at some of these factors in more detail: Privacy is important if you want to mine coins maliciously, in order to ensure others cannot easily follow the money trail back to you. Monero, which came to the market incan offer a high level of transaction privacy.
As mentioned earlier, Coinhive provides a very neat and easy-to-use package for people to get involved in Monero mining. All you have to do is add a few lines of script to your website code.
You don't have to make website visitors download and install executable files. The Pirate Bay was soon followed by another high-profile site—this time Coinhive's miner was found on two of Showtime's websites.
The value of cryptocurrencies like Monero is going up dramatically. Under these circumstances where the price of Monero can go up substantially in dollar terms over a relatively short time, mining Monero can become an attractive proposition.
A small amount of Monero mined today could potentially be worth a great deal more in a matter of months (conversely, it could also drop significantly, depending on the health of the overall cryptocurrency economy).
Mirroring the rising interest and price of cryptocurrency, we have also seen a big jump in our detections of both file- and browser-based cryptocurrency mining activity in recent months. Malicious cryptocurrency mining isn't just confined to desktop computers and servers.
As interest increases, more participants, both as miners and tool makers, join the fray. Coinhive, while being the best known at this time, doesn't have the market to itself. Similar projects like Crypto Loot are cropping up, and other browser mining projects like JSEcoin have been in beta since August and are trying to generate growth in this activity.
Symantec has observed a significant jump in all cryptocurrency mining activity in recent months, as evidenced by our increasing detection rate (see Figures 4 and 5). Despite the genuine aspirations of most browser mining projects to offer a real and potentially better alternative to traditional web revenue generation methods, the sad reality is that it can be, and is being, misused. Increasing user awareness and detection by security vendors will trigger a new arms race between cyber criminals and defenders.
Symantec is keeping a watchful eye on the growing trend of browser mining. We are making adjustments as necessary to prevent unwanted cryptocurrency miners from stealing your computing resources to enrich others. Website owners should watch for injection of the browser-mining scripts into their website source code. Our network solutions can help you spot this in the network traffic as your server communicates with visitors.
In addition, file system scans can also show up any files where the browser-based miner code has been injected, enabling you to identify and clean up the content. Symantec helps prevent others from stealing your computing resources by protecting various stages of the attack chain:
All mining software, whether it is file- or browser-based, must be able to connect to either the cryptocurrency network or a mining pool to exchange data, in other words, its proof-of-work. Without this connection, it cannot get the data it needs to generate hashes, rendering it useless. We can also block the mining scripts from being downloaded in the first instance. Our network protection operates on our endpoint solutions as well as our gateway and cloud touch points; all these solutions help build a solid defense against unwanted mining activity.
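The file system scan recommended above for website owners can be sketched as follows. This is an added example, not Symantec's tooling or code from the original article: the keyword list is an assumption built from the service names the article mentions, and `cdn.example` and `startMiner()` in the constructed sample are hypothetical. It parses each page and inspects only `<script>` elements, so a page that merely writes about a mining service is not flagged.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
# Assumption: keywords taken from the service names in the article; extend as needed.
MINER_KEYWORDS = re.compile(r"coinhive|crypto-?loot|jsecoin", re.IGNORECASE)
PAGE_EXTENSIONS = {".html", ".htm", ".php"}

class ScriptAuditor(HTMLParser):
    """Records (line, kind, evidence) for <script> elements that reference a miner."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src") or ""
            if MINER_KEYWORDS.search(src):
                self.findings.append((self.getpos()[0], "external", src))
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        match = MINER_KEYWORDS.search(data) if self._in_script else None
        if match:
            self.findings.append((self.getpos()[0], "inline", match.group(0)))

def scan_text(text):
    """Return findings for one page; visible text that only names a miner is ignored."""
    auditor = ScriptAuditor()
    auditor.feed(text)
    auditor.close()
    return auditor.findings

def scan_tree(root):
    report = {}  # path -> list of findings, only for files with at least one hit
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in PAGE_EXTENSIONS:
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample page: cdn.example and startMiner() are hypothetical.
SAMPLE = """<html><body>
<p>Our news post about Coinhive and browser mining.</p>
<script src="https://cdn.example/coinhive.min.js"></script>
<script>var m = startMiner("crypto-loot", {throttle: 0.5});</script>
</body></html>"""
```

Run `scan_tree()` against a copy of the web root and compare the flagged files with the last known-good deployment to separate injected scripts from ones the site owner added deliberately.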