Qualys has developed a free extension for Google Chrome to protect browsers from cryptojacking attacks, Dark Reading has learned.
The new BrowserCheck CoinBlocker Extension uses both domain blacklists for cryptocurrency mining sites as well as heuristics features to detect unknown cryptojacking attack types. Qualys will officially roll out the plug-in on Wed., July 25, but it's already available on the Google Chrome Web Store.
Ankur Tyagi, senior malware research engineer at Qualys and one of the creators of the tool, says while there are other existing Chrome extensions for cryptojacking protection, most rely soley on a blacklist of IP addresses and not heuristics. Qualys' BrowserCheck CoinBlocker Extension also was built to detect the popular CryptoNight family of cryptomining software, Tyagi says, the most pervasive of which is Monero.
Among the other coin types under the CryptoNight umbrella are ByteCoin, Digital Note, AEON, Loki, and BitTube. Tyagi says the heuristics feature in the plug-in can spot patterns that indicate cryptomining algorithm activity.
Google has been well aware of cryptocurrency mining abuse. In April, Google removed and banned cryptocurrency mining extensions in the Chrome Web Store after 90% of these apps violated its policy of properly informing users of the the apps' purpose.
The worldwide overall cryptocurrency market capitalization hit $270 billion this month, according to Qualys, demonstrating just how lucrative it is for abuse. Meantime, malicious coin-mining samples increased by 629% in the first quarter of this year, according to McAfee, from 40,000 samples in Q4 2017 to 2.9 million in Q1 2018.
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.