Cybercriminals Employ 'Driveby' Cryptocurrency MiningCybercriminals Employ 'Driveby' Cryptocurrency Mining
Mining digital coins is a legal activity, but cybercriminals have discovered a new way to inject malware to perform the task.
November 8, 2017
Cyberthieves are using a new technique to cash in on cryptocurrency mining.
With so-called driveby cryptojacking, the attacker abuses browser-based cryptocurrency mining unbeknownst to the users and website operators, new research from Malwarebytes shows.
Cryptocurrency mining is like panning for gold in the digital age and is considered legal. It demands hordes of computing power to process complex mathematical calculations, which in turn is used to create cryptocurrencies like Bitcoin, Monero, Zcash, and others.
In the past year, cybercriminals have used cryptojacking to snare needed computing power via the browser, says Jerome Segura, lead malware intelligence analyst for Malwarebytes.
Then and Now
Illicit cryptocurrency mining initially began in 2011, a few years after the birth of Bitcoin, Segura says. Cybercriminals up until last year would largely rely on infecting users' computers without their knowledge to hijack, or harvest, the devices' compute power. They typically used phishing scams to entice users to download malicious attachments or visit nefarious websites, where they could automatically load malware onto victims' machines.
Once the device is infected - or devices as in the case of the Bondnet botnet that infected more than 15,000 machines at major institutions, including high-profile companies, universities, and city councils earlier this year - the computing power is used to crunch mathematical calculations and create digital currency.
Coinhive has since released a new API to allow website operators to seek users' permission before harvesting their CPU power, however.
But cybercriminals quickly latched onto Coinhive's technology and began injecting its API into compromised websites, such as WordPress and Magento, without knowledge or consent from site operators, according to Malwarebytes' new report.
The bad guys lose access to users harvested computer power each time they log off of an infected site. So cybercriminals like to target sites where visitors linger for hours, Segura notes.
Sizing Up the Risk
Security professionals facing an onslaught of attacks and alerts, however, aren't likely to prioritize driveby cryptojacking because the amount of harm it creates to the enterprise is minimal, Segura acknowledges. Even so, enterprises should be sure to remove and block driveby cryptojacking from their websites.
"Hacking websites and mining digital coins is further fueling cybercriminals," Segura says. "As a security professional, I look at the potential scale and how this can affect millions of people and it is a big problem because it can generate a lot of revenue for criminals, and we want to put a dent in it and stop it."
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks