To never miss an article subscribe to my newsletter
No ads. One click unsubscribe.

How to protect browsers of being crypto jacked (forced to mine crypto in the background)

3 min read

هيلو عظيم ماڻهو

I already found out about crypto mining in the browser a few years back and find it a fascinating idea. While someone has your website open you can mine crypto in the background. Easy way of getting paid for your content without showing ads or other privacy invasive monetization. Over the last year this became such a huge thing, that it got abused (as was to be expected) to mine without users consent. This week’s paper is researching a method to win this cat and mouse game in favor of the browser users. Classical approaches of blocking certain code patterns are never enough as of why Google is playing around with a neuronal network. Let’s see if this will land in chromium at some point. (TBH I doubt it)


If you enjoy reading the Weekly CS Paper, I would be really thankful if you would support it with a few bucks: gum.co/weeklycspaper. The newsletter will stay free forever!


Abstract:

Traffic monetization is a crucial component of running most for-profit online businesses. One of its latest incarnations is cryptocurrency mining, where a website instructs the visitor’s browser to participate in building a cryptocurrency ledger in exchange for a small reward in the same currency.In its essence, this practice trades the user’s electric bill, or battery level, for cryptocurrency. With user consent, this exchange can be a legitimate funding source – for example, UNICEF is collecting donations in this fashion on thehopepage.org. Regrettably, this practice also easily lends itself to abuse: in this form, called cryptojacking, attacks surreptitiously mine in the users browser, and profits are collected either by website owners or by hackers that planted the mining script into a vulnerable page. Understandably, users frown upon this practice and have sought to mitigate it by installing blacklist-based browser extensions (the top 3 for Chrome total over one million installs), whereas researchers have devised more robust methods to detect it. In turn, crypto jackers have been bettering their evasion techniques, incorporating in their toolkits domain fluxing, content obfuscation, the use WebAssembly, and throttling. The latter, in particular, grew from being a niche feature, adopted by only one in ten sites in 2018 [18], to become commonplace in 2019, reaching an adoption ratio of 58%. Whereas most state-of-the-art defenses address multiple of these evasion techniques, none is resistant against all. In this paper, we offer a novel detection method, CoinPolice, that is robust against all of the aforementioned evasion techniques. CoinPolice flips throttling against cryptojackers, artificially varying the browser’s CPU power to observe the presence of throttling. Based on a deep neural network classifier, CoinPolice can detect 97.87% of hidden miners with a low false-positive rate (0.74%). We compare CoinPolice performance with the current state of the art and show our approach outperforms it when detecting aggressively throttled miners. Finally, we deploy CoinPolice to perform the largest-scale cryptomining investigation to date, identifying 6700 sites that monetize traffic in this fashion

Download Link:

https://storage.googleapis.com/pub-tools-public-publication-data/pdf/6db025d48022ea9e224db2f40f07fdcb9cb25c3f.pdf


Additional Links:


It would be awesome if you could help growing our little paper community even more by sharing it with your circles (you can also @eu_frey me on Twitter for retweets :D):

simon-frey.com/weeklycspaper

If you have any paper recommendation for me, please do not hesitate to approach me via [email protected] (Please keep the Backend & DevOps topic focus in mind)


With much love,

Simon Frey