![]() Manufacturing Compromise: The Emergence of Exploit-as-a-service. Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, and Geoffrey M. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos, M. Chris Grier, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J.Chromium Issue 766068: Please consider intervention for high cpu usage js. Now even YouTube serves ads with CPU-draining cryptocurrency miners. Websites use your CPU to mine cryptocurrency even when you close your browser. of the Workshop on the Economics of Information Security (WEIS) (2018). Amir Feder, Neil Gandal, JT Hamrick, Tyler Moore, and Marie Vasek.of the IEEE Privacy and Security on the Blockchain Workshop (IEEE S&B) (2018). A First Look at Browser-based Cryptojacking. Shayan Eskandari, Andreas Leoutsarakos, Troy Mursch, and Jeremy Clark.Bitcoin ecology: Quantifying and modelling the long-term dynamics of the cryptocurrency market. Abeer ElBahrawy, Laura Alessandretti, Anne Kandler, Romualdo Pastor-Satorras, and Andrea Baronchelli.of the ACM Conference on Computer and Communications Security (CCS) (2018). Investigating Operators' Perspective on Security Misconfigurations. Constanze Dietrich, Katharina Krombholz, Kevin Borgolte, and Tobias Fiebig.Tweak to Chrome Performance Will Indirectly Stifle Cryptojacking Scripts. Firefox Working on Protection Against In-Browser Cryptojacking Scripts. Cryptojackers Found on Starbucks WiFi Network, GitHub, Pirate Streaming Sites. of the ACM Conference on Emerging Networking Experiments and Technologies (CoNEXT) (2015). I Always Feel Like Somebody's Watching Me: Measuring Online Behavioural Advertising. Juan Miguel Carrascosa, Jakub Mikians, Ruben Cuevas, Vijay Erramilli, and Nikolaos Laoutaris.of the Network and Distributed System Security Symposium (NDSS) (2013). Behind the Scenes of Online Attacks: an Analysis of Exploitation Behaviors on the Web. Meerkat: Detecting Website Defacements through Image-based Object Recognition. Kevin Borgolte, Christopher Kruegel, and Giovanni Vigna. ![]() of the ACM Conference on Computer and Communications Security (CCS) (2013). Delta: Automatic Identification of Unknown Web-based Infection Campaigns. Crypto Me0wing Attacks: Kitty Cashes in on Monero. Nadav Avital, Matan Lion, and Ron Masas.Our approach could be integrated into browsers to warn users about silent cryptomining when visiting websites that do not ask for their consent. We discuss how current blacklisting approaches and heuristics based on CPU usage are insufficient, and present MineSweeper, a novel detection technique that is based on the intrinsic characteristics of cryptomining code, and, thus, is resilient to obfuscation. Motivated by our findings, we investigate possible countermeasures against this type of attack. As a result of our study, which covers 28 Coinhive-like services that are widely being used by drive-by mining websites, we identified 20 active cryptomining campaigns. We study the websites affected by drive-by mining to understand the techniques being used to evade detection, and the latest web technologies being exploited to efficiently mine cryptocurrency. In this paper, we perform a comprehensive analysis on Alexa's Top 1 Million websites to shed light on the prevalence and profitability of this attack. While legitimate website operators are exploring these services as an alternative to advertisements, they have also drawn the attention of cybercriminals: drive-by mining (also known as cryptojacking ) is a new web-based attack, in which an infected website secretly executes JavaScript code and/or a WebAssembly module in the user's browser to mine cryptocurrencies without her consent. A wave of alternative coins that can be effectively mined without specialized hardware, and a surge in cryptocurrencies' market value has led to the development of cryptocurrency mining ( cryptomining ) services, such as Coinhive, which can be easily integrated into websites to monetize the computational power of their visitors.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |