Following extensive research by Qualys Malware Research Labs, Qualys has announced the Qualys BrowserCheck CoinBlocker, a new Google Chrome browser extension to protect users from browser-based coin mining attacks.
Cryptomining is a rising online threat that is expected to grow as digital currencies and blockchain technologies continue to gain wider acceptance. Attackers are employing various techniques to use unsuspecting users’ systems for malicious purposes.
Cryptojacking has gone mainstream recently because it is safer for cybercriminals and webmasters than ransomware, which requires interaction with the victim to collect payment. And because cryptojacking is browser based, it is easier to infect victims than hacking into servers. As cryptomining becomes more resource-intensive over time in terms of compute power and electricity consumption required, stealing those resources is becoming more enticing to attackers.
Cryptojacking attacks leverage the victim system’s resources via malicious JavaScript to mine certain cryptocurrencies. Attackers carry out these attacks by infecting popular sites with JavaScript that enables cryptojacking. Any visitor to such sites will download the JavaScript and unknowingly contribute its system resources to mine a cryptocurrency that is added to the attacker’s wallet.
The resource-intensive mining process is carried out on victim systems typically consumes more than 70% of CPU, that reduces system performance, increases power consumption and can cause possible permanent damage to the system.
Because cryptojacking helps attackers earn cryptocurrency without spending a dime on mining infrastructure, it is very profitable. The overall cryptocurrency market capitalisation has reached more than US$270 billion as of July 2018 with more than 1,700 active projects. There is a lot of money to be made for attackers leveraging these projects, and cryptomining is gradually moving to the centre stage of threat landscape as an even more attractive option compared to the recent favourite ransomware campaigns.
Qualys BrowserCheck CoinBlocker Extension relies not only on the domain blacklist but also uses heuristics to identify underlying cryptomining algorithms like CryptoNight (used for mining Monero) and its various artefacts.
Click below to share this article