ABSTRACT
In-browser cryptojacking is an emerging threat to web users. The attackers can abuse the users' computation resources to perform cryptocurrency mining without obtaining their consent. Moreover, the new web feature -WebAssembly (Wasm)- enables efficient in-browser cryptocurrency mining and has been commonly used in mining applications. In this work, we use the dynamic Wasm instruction execution trace to model the behavior of different Wasm applications. We observe that the cryptocurrency mining Wasm programs exhibit very different execution traces from other Wasm programs (e.g., games). Based on our findings, we propose a novel browser-based methodology to detect in-browser Wasm-based cryptojacking.
- Shayan Eskandari, Andreas Leoutsarakos, Troy Mursch, and Jeremy Clark. 2018. A first look at browser-based Cryptojacking. In 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 58--66.Google ScholarCross Ref
- Guardian. 2018. https://www.theguardian.com/technology/2017/sep/27/pirate-bay-showtime-ads-websites-electricity-pay-bills-cryptocurrency-bitcoin.Google Scholar
- Geng Hong, Zhemin Yang, Sen Yang, Lei Zhang, Yuhong Nan, Zhibo Zhang, Min Yang, Yuan Zhang, Zhiyun Qian, and Haixin Duan. 2018. How you get shot in the back: A systematical study about cryptojacking in the real world. In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS). Toronto, Canada.Google ScholarDigital Library
- Amin Kharraz, Zane Ma, Paul Murley, Charles Lever, Joshua Mason, Andrew Miller, Nikita Borisov, Manos Antonakakis, and Michael Bailey. 2019. Outguard: Detecting In-Browser Covert Cryptocurrency Mining in the Wild. In Proceedings of the The Web Conference (WWW). San Francisco, CA.Google ScholarDigital Library
- Radhesh Krishnan Konoth, Emanuele Vineti, Veelasha Moonsamy, Martina Lindorfer, Christopher Kruegel, Herbert Bos, and Giovanni Vigna. 2018. Minesweeper: An in-depth look into drive-by cryptocurrency mining and its defense. In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS). Toronto, Canada.Google ScholarDigital Library
- Hon Lau. 2017. Browser-based cryptocurrency mining makes unexpected return from the dead. Sympantec Threat Intelligence (2017).Google Scholar
- Jan Rüth, Torsten Zimmermann, Konrad Wolsing, and Oliver Hohlfeld. 2018. Digging into browser-based crypto mining. In Proceedings of the Internet Measurement Conference 2018. ACM, 70--76.Google ScholarDigital Library
- TrendMicro. 2018. https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaignabuses-googles-doubleclick-to-deliver-cryptocurrency-miners/.Google Scholar
- Wenhao Wang, Benjamin Ferrell, Xiaoyang Xu, Kevin W Hamlen, and Shuang Hao. 2018. Seismic: Secure in-lined script monitors for interrupting cryptojacks. In European Symposium on Research in Computer Security. Springer, 122--142.Google ScholarCross Ref
- Mark Ward. 2018. http://www.bbc.com/news/technology-41518351.Google Scholar
Index Terms
Poster: Detecting WebAssembly-based Cryptocurrency Mining
Recommendations
MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications SecurityA wave of alternative coins that can be effectively mined without specialized hardware, and a surge in cryptocurrencies' market value has led to the development of cryptocurrency mining ( cryptomining ) services, such as Coinhive, which can be easily ...
MineThrottle: Defending against Wasm In-Browser Cryptojacking
WWW '20: Proceedings of The Web Conference 2020In-browser cryptojacking is an urgent threat to web users, where an attacker abuses the users’ computing resources without obtaining their consent. In-browser mining programs are usually developed in WebAssembly (Wasm) for its great performance. Several ...
How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications SecurityAs a new mechanism to monetize web content, cryptocurrency mining is becoming increasingly popular. The idea is simple: a webpage delivers extra workload (JavaScript) that consumes computational resources on the client machine to solve cryptographic ...
Comments