TY - GEN
T1 - The other side of the coin
T2 - 13th International Conference on Availability, Reliability and Security, ARES 2018
AU - Rauchberger, Julian
AU - Schrittwieser, Sebastian
AU - Dam, Tobias
AU - Luh, Robert
AU - Buhov, Damjan
AU - Pötzelsberger, Gerhard
AU - Kim, Hyoungshick
N1 - Publisher Copyright:
© 2018 Copyright held by the owner/author(s). Publication rights licensed to the Association for Computing Machinery.
PY - 2018/8/27
Y1 - 2018/8/27
N2 - Mining for cryptocurrencies is usually performed on high-performance single purpose hardware or GPUs. However, mining can be easily parallelized and distributed over many less powerful systems. Cryptojacking is a new threat on the Internet and describes code included in websites that uses a visitor's CPU to mine for cryptocurrencies without the their consent. This paper introduces MiningHunter, a novel web crawling framework which is able to detect mining scripts even if they obfuscate their malicious activities. We scanned the Alexa Top 1 million websites for cryptojacking, collected more than 13,400,000 unique JavaScript files with a total size of 246 GB and found that 3,178 websites perform cryptocurrency mining without their visitors' consent. Furthermore, MiningHunter can be used to provide an in-depth analysis of cryptojacking campaigns. To show the feasibility of the proposed framework, three of such campaigns are examined in detail. Our results provide the most comprehensive analysis to date of the spread of cryptojacking on the Internet.
AB - Mining for cryptocurrencies is usually performed on high-performance single purpose hardware or GPUs. However, mining can be easily parallelized and distributed over many less powerful systems. Cryptojacking is a new threat on the Internet and describes code included in websites that uses a visitor's CPU to mine for cryptocurrencies without the their consent. This paper introduces MiningHunter, a novel web crawling framework which is able to detect mining scripts even if they obfuscate their malicious activities. We scanned the Alexa Top 1 million websites for cryptojacking, collected more than 13,400,000 unique JavaScript files with a total size of 246 GB and found that 3,178 websites perform cryptocurrency mining without their visitors' consent. Furthermore, MiningHunter can be used to provide an in-depth analysis of cryptojacking campaigns. To show the feasibility of the proposed framework, three of such campaigns are examined in detail. Our results provide the most comprehensive analysis to date of the spread of cryptojacking on the Internet.
UR - https://www.scopus.com/pages/publications/85055274142
U2 - 10.1145/3230833.3230869
DO - 10.1145/3230833.3230869
M3 - Conference contribution
AN - SCOPUS:85055274142
T3 - ACM International Conference Proceeding Series
BT - ARES 2018 - 13th International Conference on Availability, Reliability and Security
PB - Association for Computing Machinery
Y2 - 27 August 2018 through 30 August 2018
ER -