Pickpockets and crypto jackers

While in the physical world the pickpockets illegally access the victims’ wallets to steal money, similarly in the digital world the crypto jackers illegally access the victims’ computer to access their crypto wallets and mine their crypto currency. These new types of attacks were firstly recorded in 2017.

Crypto jackers steal cryptocurrency using many different tricks, for example by hiding an illegal piece of code (crypto mining) in an e-mail or a website or an online ad and when the victim clicks from his device on the link it loads the crypto mining code which can go undetected for a long time while the crypto jacker abuses the system resources (e.g., local CPU) to mine cryptocurrency (cryptocurrency mining). The victim might not notice anything out of the ordinary, at the most he/she may notice is shortened battery life in his device, or an unusual increase in the temperature of the device.

Going back to 2011 crypto mining started as an innocent revolutionary service, providing an alternative revenue stream for the website owners and publishers; using JavaScript code where they could sign up and embed scripts on their websites enabling visitors to mine Bitcoins for them. Crypto mining was viewed as a potentially new web monetization scheme. In the traditional case of advertising, the costs for the user are associated with the network bandwidth and the privacy implications of targeted advertising while the cost of crypto mining is associated with higher energy consumption (e.g., battery drainage, overheating, etc.).

The increased growth of crypto mining did not create opportunities only for benign publishers, but for the cyber-attackers as well, especially by 2017 where we had a big variety of cryptocurrencies and a plethora of mining mechanisms.

The questions that arise are: What is the actual cost of the user when he/she visits a miner-supported website? What is the profitability for a publisher or a crypto jacker? Can crypto mining become an alternative to ads as a more profitable web monetization scheme for benign publishers?

In the REACT project and the paper “Truth in Web Mining: Measuring the Profitability and the Imposed Overheads of Crypto jacking” by P. Papadopoulos, P. Ilia and E. Markatos the conclusions were that:

  • Crypto mining alone is not profitable it becomes profitable only if it is combined with ads, by utilizing ads to generate a basic revenue and move to crypto mining when their websites become idle.
  • Time was found to be a very important factor since the more the embedded miner works in the background, the more profitable it becomes for the publisher or the crypto jacker.
  • The more websites rely on web-crypto-mining for funding, the less revenues will be generated for their publishers.

The cost of the user when they visit a miner-supported website is estimated by:

  • increased memory and energy (require 1.7x more space in real memory and consume 2.08x more energy than the ad supported websites);
  • burden with monetization cost (53% less than the revenue of the publisher);
  • increased thermal radiation while visiting each miner-supported website which may cause physical damage to the users’ device by thermal expansion;
  • heavy utilization of the user’s CPU that can affect the overall user’s experience not only in the visited website but in parallel processes and browser tabs.

To stay protected some hands-on tips are: Train Your IT Team; Educate Your Employees; Use Anti-Cryptomining Extensions; Use Ad-Blockers and Disable JavaScript.

In nowadays threat landscape that’s constantly shaping, staying safe from the most recent menaces like crypto jacking is of significant importance. Organizations and individuals need to stay alert and protected against malicious acts from crypto jackers!