How to evade modern web cryptojacking detection tools? A review of practical findings
ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
Article No.: 83, Pages 1 - 10
Abstract
One of the foundations of cryptocurrencies based on proof-of-work consensus is mining. This is an activity which consumes a lot of computational resources, so malicious actors introduce cryptojacking malware to exploit users computers and in result use their victim resources. Usually it operates either as an operating system process (host-based) or in a web browser (web-based). Cryptojacking emerged several years ago together with the increasing adoption and prevalence of cryptocurrencies and, as we hear regularly about attacked cloud providers or affected websites including major web content provider, the threat still requires respective attention.
In this paper we analyze three selected promising detection methods leveraging new and sophisticated techniques, not only standard blacklisting approach which is the most common way of preventing this kind of attacks. The analysis resulted in findings showing that all the considered solutions are vulnerable and that they can be tricked from the server controlled by the malicious actor. We also show how the discovered vulnerabilities can be mitigated and by that the solutions can be improved.
References
[1]
2019. WWW ’19: Companion Proceedings of The 2019 World Wide Web Conference. (2019).
[2]
Weikang Bian, Wei Meng, and Mingxue Zhang. 2020. Minethrottle: Defending against wasm in-browser cryptojacking. In Proceedings of The Web Conference 2020. 3112–3118.
[3]
Maurantonio Caprolu, Simone Raponi, Gabriele Oligeri, and Roberto Di Pietro. 2021. Cryptomining makes noise: Detecting cryptojacking via machine learning. Computer Communications 171 (2021), 126–139.
[4]
Domhnall Carlin, Philip O’kane, Sakir Sezer, and Jonah Burgess. 2018. Detecting cryptomining using dynamic analysis. In 2018 16th annual conference on privacy, security and trust (PST). IEEE, 1–6.
[5]
Luca Caviglione, Michał Choraś, Igino Corona, Artur Janicki, Wojciech Mazurczyk, Marek Pawlicki, and Katarzyna Wasielewska. 2020. Tight arms race: Overview of current malware threats and trends in their detection. IEEE Access 9 (2020), 5371–5396.
[6]
Calum Edwards. 2023. Cryptojacking is on the rise, and it’s here to stay. https://excellence-it.co.uk/insights/cryptojacking/ [Online; accessed 11-May-2024].
[7]
Europol. 2024. Cryptojacker arrested in Ukraine over EUR 1.8 million mining scheme. https://www.europol.europa.eu/media-press/newsroom/news/cryptojacker-arrested-in-ukraine-over-eur-1.8-million-mining-scheme [Online; accessed 11-May-2024].
[8]
Aldo Hernandez-Suarez, Gabriel Sanchez-Perez, Linda K Toscano-Medina, Jesus Olivares-Mercado, Jose Portillo-Portilo, Juan-Gerardo Avalos, and Luis Javier Garcia Villalba. 2022. Detecting cryptojacking web threats: An approach with autoencoders and deep dense neural networks. Applied Sciences 12, 7 (2022), 3234.
[9]
Geng Hong, Zhemin Yang, Sen Yang, Lei Zhang, Yuhong Nan, Zhibo Zhang, Min Yang, Yuan Zhang, Zhiyun Qian, and Haixin Duan. 2018. How you get shot in the back: A systematical study about cryptojacking in the real world. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 1701–1713.
[10]
Muhammad Haris Khan Abbasi, Subhan Ullah, Tahir Ahmad, and Attaullah Buriro. 2023. A real-time hybrid approach to combat in-browser cryptojacking malware. Applied Sciences 13, 4 (2023), 2039.
[11]
Amin Kharraz, Zane Ma, Paul Murley, Charles Lever, Joshua Mason, Andrew Miller, Nikita Borisov, Manos Antonakakis, and Michael Bailey. 2019. Outguard: Detecting in-browser covert cryptocurrency mining in the wild. In The World Wide Web Conference. 840–852.
[12]
Dmitry Kondratyev and Andrey Ivanov. 2022. The state of cryptojacking in the first three quarters of 2022. https://securelist.com/cryptojacking-report-2022/107898/ [Online; accessed 11-May-2024].
[13]
Radhesh Krishnan Konoth, Emanuele Vineti, Veelasha Moonsamy, Martina Lindorfer, Christopher Kruegel, Herbert Bos, and Giovanni Vigna. 2018. Minesweeper: An in-depth look into drive-by cryptocurrency mining and its defense. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 1714–1730.
[14]
Naresh Kshetri, Mir Mehedi Rahman, Sayed Abu Sayeed, and Irin Sultana. 2023. cryptoRAN: A review on cryptojacking and ransomware attacks wrt banking industry–threats, challenges, & problems. arXiv preprint arXiv:2311.14783 (2023).
[15]
Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck. 2019. Thieves in the browser: Web-based cryptojacking in the wild. In Proceedings of the 14th International Conference on Availability, Reliability and Security. 1–10.
[16]
Rui Ning, Cong Wang, ChunSheng Xin, Jiang Li, Liuwan Zhu, and Hongyi Wu. 2019. Capjack: Capture in-browser crypto-jacking by deep capsule network through behavioral analysis. In IEEE INFOCOM 2019-IEEE Conference on Computer Communications. IEEE, 1873–1881.
[17]
Sergio Pastrana and Guillermo Suarez-Tangil. 2019. A first look at the crypto-mining malware ecosystem: A decade of unrestricted wealth. In Proceedings of the Internet Measurement Conference. 73–86.
[18]
Pawel Rajba and Wojciech Mazurczyk. 2022. Limitations of web cryptojacking detection: A practical evaluation. In Proceedings of the 17th International Conference on Availability, Reliability and Security. 1–6.
[19]
Juan D Parra Rodriguez and Joachim Posegga. 2018. Rapid: Resource and api-based detection against in-browser miners. In Proceedings of the 34th Annual Computer Security Applications Conference. 313–326.
[20]
Olanrewaju Sanda, Michalis Pavlidis, and Nikolaos Polatidis. 2024. A deep learning approach for host-based cryptojacking malware detection. Evolving Systems 15, 1 (2024), 41–56.
[21]
Ege Tekiner, Abbas Acar, A Selcuk Uluagac, Engin Kirda, and Ali Aydin Selcuk. 2021. SoK: cryptojacking malware. In 2021 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 120–139.
[22]
Subhan Ullah, Tahir Ahmad, Rizwan Ahmad, and Mudassar Aslam. 2023. Prevention of Cryptojacking Attacks in Business and FinTech Applications. In Handbook of Research on Cybersecurity Issues and Challenges for Business and FinTech Applications. IGI Global, 266–287.
[23]
Amber Wolff. 2023. Cryptojacking Continues Crushing Records. https://blog.sonicwall.com/en-us/2023/08/cryptojacking-continues-crushing-records/ [Online; accessed 11-May-2024].
[24]
Amber Wolff. 2023. Latest Threat Intelligence Reveals Rising Tide of Cryptojacking. https://blog.sonicwall.com/en-us/2023/03/latest-threat-intelligence-reveals-rising-tide-of-cryptojacking/ [Online; accessed 11-May-2024].
Index Terms
- How to evade modern web cryptojacking detection tools? A review of practical findings
Recommendations
CJ-Sniffer: Measurement and Content-Agnostic Detection of Cryptojacking Traffic
RAID '22: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and DefensesWith the continuous appreciation of cryptocurrency, cryptojacking, the act by which computing resources are stolen to mine cryptocurrencies, is becoming more rampant. In this paper, we conduct a measurement study on cryptojacking network traffic and ...
How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications SecurityAs a new mechanism to monetize web content, cryptocurrency mining is becoming increasingly popular. The idea is simple: a webpage delivers extra workload (JavaScript) that consumes computational resources on the client machine to solve cryptographic ...
MineThrottle: Defending against Wasm In-Browser Cryptojacking
WWW '20: Proceedings of The Web Conference 2020In-browser cryptojacking is an urgent threat to web users, where an attacker abuses the users’ computing resources without obtaining their consent. In-browser mining programs are usually developed in WebAssembly (Wasm) for its great performance. Several ...
Comments
Information & Contributors
Information
Published In
July 2024
2032 pages
ISBN:9798400717185
DOI:10.1145/3664476
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 30 July 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ARES 2024
ARES 2024: The 19th International Conference on Availability, Reliability and Security
July 30 - August 2, 2024
Vienna, Austria
Acceptance Rates
Overall Acceptance Rate 228 of 451 submissions, 51%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 65Total Downloads
- Downloads (Last 12 months)65
- Downloads (Last 6 weeks)34
Reflects downloads up to 07 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format