There is something new to add to your fun mental list of invisible internet dangers. Combining favorite classics such as adware and spyware, a new, complicated threat called "cryptojacking" secretly uses your laptop or mobile device to mine cryptocurrency when you visit an infected site.
The idea for cryptojacking coalesced in mid-September, when a company called Coinhive presented a script that could start mining the Monero cryptocurrency when a web page was loaded. The torrent site The Pirate Bay quickly incorporated it to raise funds, and within a few weeks Coinhive copycats had started to appear. Hackers have even found ways to inject the scripts into websites such as Politifact.com and Showtime without the owners' knowledge, mining money for themselves from another site's traffic.
"There is no opt-in or opt-out option. We have observed that it is putting a strain on system resources."
Adam Kujawa, Malwarebytes Labs
So far these types of attacks have been discovered in the source code of compromised sites by users, including security researcher Troy Mursch, who notice that their processor load increases dramatically after navigating to cryptojacked pages. To protect yourself from cryptojacking, you can add sites you're worried about, or those you know practice in-browser mining, to your browser's ad-blocking tool. There is also a Chrome extension called No Coin, created by developer Rafael Keramidas, which blocks Coinhive mining and also adds protection against other miners.
"We've seen malicious websites use built-in scripts to distribute malware, force ads, and force navigation to specific websites," says Karl Sigler, head of threat intelligence research at SpiderLabs, which does research for the Trustwave scanner. "We've also seen malware that focuses on stealing cryptocurrency portfolios or mining in the background. Combine the two together and you have a game made in hell."
What complicates the wave of cryptojacking, say the experts, is that with the right protections in place it could actually be a constructive tool. Coinhive has always claimed that it intends its product as a new revenue stream for websites. Some sites already use a similar approach to raise money for charitable causes such as disaster relief. And observers in particular see miners in the browser as a potential supplement or an alternative to digital ads, which are known to have their own security problems.
Early adopters like The Pirate Bay have argued to their users that the technology deserves to be tolerated. "Do you want to advertise or want to give away some of your CPU cycles every time you visit the site?" The Pirate Bay asked its users in mid-September. Most commenters on the feedback request supported in-browser mining if it reduced the ads, but they noted that if multiple sites adopt the technique, having multiple tabs open while browsing the web may consume processing resources.
Concerns run deeper for visitors who are unaware that their devices are being used without their knowledge or consent. In fact, malware scanners have already started to block these mining programs, citing their intrusiveness and opacity. Coinhive, and the explosion of alternatives that have come out, must take measures in good faith, such as incorporating hard-coded authentication protections and adding limits on the amount of processing power they draw, before malware scanners will stop blocking them.
"Everything is a little crazy right now, because it just came out," says Adam Kujawa, the director of Malwarebytes Labs, which does research for the Malwarebytes scanning service and started to block Coinhive and other cryptojacking scripts this week. "But actually I think the whole concept of a script-based miner is a good idea, it could be a good alternative for something like advertising revenue, but now we're blocking it just because there are no opt-in options or opt-outs. We've observed that it's putting a strain on system resources – scripts could degrade hardware."
To this end, Coinhive introduced a new version of its product this week, called AuthedMine, which requires the user's permission to turn their browser into a Monero generator. "AuthedMine applies an explicit opt-in from the end user to run the miner," said Coinhive in a statement on Monday. "We have done everything possible to ensure that our implementation of the opt-in cannot be bypassed and we are committed to keeping it that way. The miner AuthedMine will never be started without the user's consent."
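As an added example (not from the article or from Coinhive), here is a page-source triage that applies the source-code inspection described earlier and separates the original, silent script from the opt-in AuthedMine loader. The hostnames and the `CoinHive.*` constructor pattern are assumptions based on Coinhive's published embed snippet, and the sample pages are constructed.

```javascript
// Added example. Hostnames and the CoinHive.* constructor pattern are
// assumptions based on Coinhive's published embed snippet, not the article.
const MINER_HOSTS = {
  'coinhive.com': 'silent',    // original script: mines with no prompt
  'authedmine.com': 'opt-in',  // AuthedMine: asks the visitor first
};
const INLINE_START = /new\s+CoinHive\.(Anonymous|User|Token)\s*\(/;

// Constructed sample pages, not taken from any real site.
const SAMPLES = {
  silent: '<script src="//coinhive.com/lib/coinhive.min.js"></script>' +
    '<script>new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER").start();</script>',
  optIn: '<script src="https://authedmine.com/lib/authedmine.min.js"></script>',
  proxied: '<script src="/js/stats.js"></script>' +
    '<script>new CoinHive.User("SITE_KEY_PLACEHOLDER", "u1").start();</script>',
  clean: '<script src="https://cdn.example.test/app.js"></script><p>hello</p>',
};

// Collect the src attribute of every <script> tag in the markup.
function scriptSources(html) {
  const re = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  const out = [];
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Resolve relative and protocol-relative URLs against the page URL.
function hostOf(src, pageUrl) {
  try { return new URL(src, pageUrl).hostname.toLowerCase(); }
  catch (e) { return null; }
}

function classifyPage(html, pageUrl) {
  const findings = [];
  for (const src of scriptSources(html)) {
    const host = hostOf(src, pageUrl);
    if (!host) continue;
    for (const [known, mode] of Object.entries(MINER_HOSTS)) {
      if (host === known || host.endsWith('.' + known)) findings.push({ host, mode });
    }
  }
  const inline = INLINE_START.test(html);
  let verdict = 'clean';
  if (findings.some((f) => f.mode === 'silent')) verdict = 'silent-miner';
  else if (findings.length > 0) verdict = 'opt-in-miner';
  else if (inline) verdict = 'suspicious-inline'; // loader self-hosted or proxied
  return { verdict, findings, inline };
}
```

Static source inspection misses loaders that are obfuscated or injected at runtime, so the processor-load symptom the article mentions remains a useful second signal.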
This course correction is a positive step, but numerous cryptojacking scripts, including Coinhive's original, are already available to hackers and cannot be recalled now. Experts also see other potential problems with the technique, even if the mining process is totally transparent. "An opt-in option … does not eliminate potential instability issues introduced by this," says Trustwave's Sigler. "When dozens of machines get stuck in a company or when a major job is lost due to a technical data mining problem, it can have a serious impact on an organization's network."
However, the positive potential of miners in the browser seems to be worth the complications for some. "I hope that in a year we will see an even greater evolution of this technology to the point that it cannot be exploited by website owners who want to trick people into managing these miners," says Kujawa of Malwarebytes. "But if it's only associated with malicious activities, it may take a while for technology to evolve into a safer place and anyone can trust it."
Like many web tools, cryptojacking holds plenty of promise as an innovation, and plenty of people are happy to exploit it.