Report: Three of Top Four Malware Threats Are In-Browser Cryptocurrency Miners

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Report: Three of Top Four Malware Threats Are In-Browser Cryptocurrency Miners
bleepingcomputer.com/news/security: Report: Three of Top Four Malware Threats Are In-Browser Cryptocurrency Miners
By Catalin Cimpanu - March 12, 2018

Three in-browser cryptocurrency mining scripts ranked first, second, and fourth in Check Point's most active malware top ten, outranking classic high-output malware distribution infrastructures such as spam botnets, malvertising, and exploit kit operations.

The three are Coinhive (ranked #1), Crypto-Loot (ranked #2), and JSEcoin (ranked #4). These three are online services that offer JavaScript libraries that website owners can embed on their sites and generate profit by using their visitors' CPU resources to mine the Monero cryptocurrency.

While all three are legitimate services, the JavaScript libraries provided by these three services have been abused by malware authors.

This JavaScript code has been found surreptitiously added to hacked sites, inside mobile apps, in gaming mods, desktop software, and a bunch of other places. It's almost everywhere these days, and you can't go anywhere online without tripping over a site that runs an in-browser cryptocurrency mining (cryptojacking) script in the background.

It's because of this prevalence that some AV vendors have started detecting such scripts as malware.

In Check Point's case, the company says that its security products have detected cryptojacking detections across 42% of the organizations they protect. Coinhive was the leader, with detections found on 20% of all customers, followed by Crypto-Loot with 16%.

Currently, the best ways of stopping websites from abusing your CPU to mine Monero via cryptojackers such as Coinhive, Crypto-Loot, or JSEcoin is to run an antivirus or one of the many browser ad blockers add-ons that can block such scripts, similarly to how they block advertising domains.

Readers looking for an introduction into cryptojacking can find additional information on this trend in a research paper entitled "A first look at browser-based cryptojacking," that will be presented at the IEEE Security and Privacy on the Blockchain (IEEE S&B) UK workshop, in April this year.

For the curious, below are Check Point's top 10 desktop threats and top 3 mobile threats rankings:

Coinhive - in-browser cryptocurrency miner
Crypto-Loot - in-browser cryptocurrency miner
③ RIG EK - exploit kit
JSEcoin - in-browser cryptocurrency miner
⑤ RoughTed - malvertising campaign
⑥ Fireball - Windows adware network
⑦ Necurs - spam botnet
⑧ Andromeda - malware downloader/botnet
⑨ Virut - multi-purpose malware botnet
⑩ Ramnit - banking trojan, malware downloader
① Triada - Android banking trojan
② Lokibot - Android banking trojan
③ Hiddad - Android adware

cryptojacking flickr.com.jpg

cryptojacking flickr.com.jpg
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Does uBlock Origin protect by default against in-browser cryptominers ?
If not, what do I need to do?
 
  • Like
Reactions: Prorootect

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Does uBlock Origin protect by default against in-browser cryptominers ?
If not, what do I need to do?
They block the script like ads when it gets popular. For example they added coinhive to the list if you go ahead and check. Now if someone uses something new with a new domain it will take them time to react. If you want absolute control then go ahead and use umatrix/scriptsafe etc and block 3rd party scripts.
 

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Yes. Nano adblocker too.. others surely. Notch items under Privacy: EasyPrivacy, Multipurpose... in nano too: NoCoin Filter List
To be sure, I have little but big anti-mining add-ons/extensions too...two in each browser. The times are difficult.

Ah, I like your post SHvFl - ScriptSafe, and other like Script Blocker for Chrome, Policy Control, I use all these, must have.
 
Last edited:
  • Like
Reactions: harlan4096

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
They block the script like ads when it gets popular. For example they added coinhive to the list if you go ahead and check. Now if someone uses something new with a new domain it will take them time to react. If you want absolute control then go ahead and use umatrix/scriptsafe etc and block 3rd party scripts.
Thanks.
I decided I am not going to lose sleep over this one, because:
1 If a cryptominer is using most or all of the CPU capacity, the user would notice his system slowing to a crawl, and get off the stupid website.
2 If the miner is not slowing the system perceptibly, then no big deal, he will soon close that web page anyways.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top