How to protect browsers of being crypto jacked (forced to mine crypto in the background)

هيلو عظيم ماڻهو

I already found out about crypto mining in the browser a few years back and find it a fascinating idea. While someone has your website open you can mine crypto in the background. Easy way of getting paid for your content without showing ads or other privacy invasive monetization. Over the last year this became such a huge thing, that it got abused (as was to be expected) to mine without users consent. This week’s paper is researching a method to win this cat and mouse game in favor of the browser users. Classical approaches of blocking certain code patterns are never enough as of why Google is playing around with a neuronal network. Let’s see if this will land in chromium at some point. (TBH I doubt it)


If you enjoy reading the Weekly CS Paper, I would be really thankful if you would support it with a few bucks: gum.co/weeklycspaper. The newsletter will stay free forever!

Software exists to create business value

I am Simon Frey, the author of the Weekly CS Paper Newsletter. And I have great news: You can work with me

As CTO as a Service, I will help you choose the right technology for your company, build up your team and be a deeply technical sparring partner for your product development strategy.

Checkout my website simon-frey.com to learn more or directly contact me via the button below.

Simon Frey Header image
Let’s work together!

Abstract:

Traffic monetization is a crucial component of running most for-profit online businesses. One of its latest incarnations is cryptocurrency mining, where a website instructs the visitor’s browser to participate in building a cryptocurrency ledger in exchange for a small reward in the same currency.In its essence, this practice trades the user’s electric bill, or battery level, for cryptocurrency. With user consent, this exchange can be a legitimate funding source – for example, UNICEF is collecting donations in this fashion on thehopepage.org. Regrettably, this practice also easily lends itself to abuse: in this form, called cryptojacking, attacks surreptitiously mine in the users browser, and profits are collected either by website owners or by hackers that planted the mining script into a vulnerable page. Understandably, users frown upon this practice and have sought to mitigate it by installing blacklist-based browser extensions (the top 3 for Chrome total over one million installs), whereas researchers have devised more robust methods to detect it. In turn, crypto jackers have been bettering their evasion techniques, incorporating in their toolkits domain fluxing, content obfuscation, the use WebAssembly, and throttling. The latter, in particular, grew from being a niche feature, adopted by only one in ten sites in 2018 [18], to become commonplace in 2019, reaching an adoption ratio of 58%. Whereas most state-of-the-art defenses address multiple of these evasion techniques, none is resistant against all. In this paper, we offer a novel detection method, CoinPolice, that is robust against all of the aforementioned evasion techniques. CoinPolice flips throttling against cryptojackers, artificially varying the browser’s CPU power to observe the presence of throttling. Based on a deep neural network classifier, CoinPolice can detect 97.87% of hidden miners with a low false-positive rate (0.74%). We compare CoinPolice performance with the current state of the art and show our approach outperforms it when detecting aggressively throttled miners. Finally, we deploy CoinPolice to perform the largest-scale cryptomining investigation to date, identifying 6700 sites that monetize traffic in this fashion

Download Link:

https://storage.googleapis.com/pub-tools-public-publication-data/pdf/6db025d48022ea9e224db2f40f07fdcb9cb25c3f.pdf


Additional Links:

Weekly in-depth computer science knowledge to become a better programmer. For free!
Over 2000 subcribers. One click unsubscribe.