Criminals hijack browsers to mine cryptocurrency
Cyber criminals supplementing their income by mining cryptocurrencies like Bitcoin is nothing new. Usually this has been done by installing malware or PUPs on the machines of unsuspecting users.
But now researchers at ESET have discovered a new method of mining cryptocurrencies, which can be done directly within your web browser, using JavaScript. This gives attackers the potential to reach a greater number of victims, by infecting websites, rather than by targeting individual machines.
Knowing that the default settings of most browsers include activated JavaScript, attackers simply need to insert the mining script in websites that receive large amounts of traffic. "It is easier to reach a significant number of victims by infecting websites than it is by infecting users’ machines. In this case, attackers were injecting scripts in high-traffic websites impacting mostly Russian, Ukrainian, Belarusian, Moldavian and Kazakh users," says Matthieu Faou, malware researcher at ESET.
The campaign is targeted at the Feathercoin, Litecoin and Monero currencies. These need less CPU power to mine than others, so there's less impact on the performance of the victim’s system.
The attackers injected malicious JavaScript into video streaming and in-browser gaming websites, since their users tend to spend more time on the same webpage, which allows the mining scripts to run for longer and use more computing power. Faou adds, "This method of mining is less effective as it tends to be 1.5 to 2 times slower when compared to mining with regular software, but that is counterbalanced by the higher number of impacted users."
To guard against your browser being used in this way ESET recommends enabling detection of potentially unwanted programs in your internet security solution, installing an ad-blocker, and installing a script blocker, or disabling JavaScript in your browser -- though this may disable some website functionality.
You can find more details of the attack on the ESET WeLiveSecurity blog.
Image Credit: masterSergeant / depositphotos.com