Thieves in the Browser

Musch, Marius; Wressnegger, Christian; Johns, Martin; Rieck, Konrad

doi:10.1145/3339252.3339261

Cited by 26 publications

(5 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In such situations, a user must be vigilant of the means and methods of cryptojacking, high utilization of CPU, 119,123 battery consumption, 124 overheating, sluggish performance, up‐to‐date security measures, 116,117 responsible websites, anti‐malware software, add‐ons specifically designed to detect and block cryptojacking scripts, Ad blockers by blocking malicious advertisements, script‐blocking extensions or browser settings to disable JavaScript on websites, user educations are some detections and countermeasures that can significantly reduce the risk of falling victim to cryptojacking attacks and protect their computing resources from unauthorized cryptocurrency mining 117,124 . Musch et al 125 proposed a 3‐phase analysis approach to detect cryptojacking scripts. Saad et al 124 built an analytical model to scrutinize the practicality of cryptojacking as an alternative to online advertisement and they underlined that it was not feasible.…”

Section: Discussion Of the Endpoint Vulnerabilitiesmentioning

confidence: 99%

A taxonomy of endpoint vulnerabilities and affected blockchain architecture layers

Noor,

Mustafa

2024

Concurrency and Computation

View full text Add to dashboard Cite

Blockchain technology has gained significant attention and adoption due to its decentralized nature, and promising secure and immutable transactions. The interpretation of Blockchain's components has been presented in an innovative manner, illustrating the features they enable or manage. However, its networks do not appear so immune to vulnerabilities like any other technological system. Among the typical weaknesses, endpoint vulnerabilities refer to weaknesses in the endpoints that interact with the blockchain network. They pose a significant risk to the security and integrity of the entire system. These vulnerabilities can affect blockchain networks including smart contract vulnerabilities, wallet vulnerabilities, and communication vulnerabilities. In view of the absence of any viable taxonomic description and associated value, we attempted a novel comprehensive classification of endpoint vulnerabilities. The proposed taxonomy is designed to logically categorize and classify the various endpoint vulnerabilities through a pictorial representation. It encompasses wallet vulnerabilities, malware, cryptojacking and human negligence. Additionally, this paper proposes a novel approach to mapping endpoint vulnerabilities to the blockchain abstract layer. It gives a unique way to study the vulnerabilities and layers' relation. Finally, the corresponding violated principles behind the vulnerabilities have been identified and indicated. By providing a structured taxonomy of endpoint vulnerabilities, this paper aims to enhance the understanding of the security challenges associated with blockchain applications. By understanding and addressing the taxonomy of endpoint vulnerabilities, blockchain practitioners and researchers can enhance blockchain networks' overall security and trustworthiness, paving the way for broader adoption and utilization of this transformative technology. It may have implications in terms of identifying, linking, developing control, and finally mitigating endpoint vulnerabilities in the rapidly changing environment.

show abstract

Section: Discussion Of the Endpoint Vulnerabilitiesmentioning

confidence: 99%

A taxonomy of endpoint vulnerabilities and affected blockchain architecture layers

Noor,

Mustafa

2024

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…Overall, this dynamic approach achieved a recall value of 90% while using the network traffic studied via the Stratum protocol as a dataset of six cryptocurrencies. Musch et al [22] presented an in-browser cryptojacking attack and examined its three phases. They also used Alexa's top 1 million websites as a dataset for their study.…”

Section: Dynamic Approachesmentioning

confidence: 99%

A Real-Time Hybrid Approach to Combat In-Browser Cryptojacking Malware

et al. 2023

View full text Add to dashboard Cite

Cryptojacking is a type of computer piracy in which a hacker uses a victim’s computer resources, without their knowledge or consent, to mine for cryptocurrency. This is made possible by new memory-based cryptomining techniques and the growth of new web technologies such as WebAssembly, allowing mining to occur within a browser. Most of the research in the field of cryptojacking has focused on detection methods rather than prevention methods. Some of the detection methods proposed in the literature include using static and dynamic features of in-browser cryptojacking malware, along with machine learning algorithms such as Support Vector Machine (SVM), Random Forest (RF), and others. However, these methods can be effective in detecting known cryptojacking malware, but they may not be able to detect new or unknown variants. The existing prevention methods are shown to be effective only against web-assembly (WASM)-based cryptojacking malware and cannot handle mining service-providing scripts that use non-WASM modules. This paper proposes a novel hybrid approach for detecting and preventing web-based cryptojacking. The proposed approach performs the real-time detection and prevention of in-browser cryptojacking malware, using the blacklisting technique and statistical code analysis to identify unique features of non-WASM cryptojacking malware. The experimental results show positive performances in the ease of use and efficiency, with the detection accuracy improved from 97% to 99.6%. Moreover, the time required to prevent already known malware in real time can be decreased by 99.8%.

show abstract

“…The authors explored the challenges in cryptojacking detection and highlight the vulnerabilities in the system. Musch et al [19] propose a three-phase analysis approach to identify mining scripts. The authors conclude that cryptojacking is common, with every 500th site hosting cryptojacking malware.…”

Section: Related Workmentioning

confidence: 99%

Do Charging Stations Benefit from Cryptojacking? A Novel Framework for Its Financial Impact Analysis on Electric Vehicles

Malik

Anwar

2022

Energies

View full text Add to dashboard Cite

Electric vehicles (EVs) are becoming popular due to their efficiency, eco-friendliness, and the increasing cost of fossil fuel. EVs support a variety of apps because they house powerful processors and allow for increased connectivity. This makes them an attractive target of stealthy cryptomining malware. Recent incidents demonstrate that both the EV and its communication model are vulnerable to cryptojacking attacks. The goal of this research is to explore the extent to which cryptojacking impacts EVs in terms of recharging and cost. We assert that while cryptojacking provides a financial advantage to attackers, it can severely degrade efficiency and cause battery loss. In this paper we present a simulation model for connected EVs, the cryptomining software, and the road infrastructure. A novel framework is proposed that incorporates these models and allows an objective quantification of the extent of this economic damage and the advantage to the attacker. Our results indicate that batteries of infected cars drain more quickly than those of normal cars, forcing them to return more frequently to the charging station for a recharge. When just 10% of EVs are infected we observed 70.6% more refueling requests. Moreover, if the hacker infects a charging station then he can make a USD 436.4 profit per day from just 32 infected EVs. Overall, our results demonstrate that cryptojackers injected into EVs indirectly provide a financial advantage to the charging stations at the cost of an increased energy strain on society.

show abstract

Thieves in the Browser

Cited by 26 publications

References 16 publications

A taxonomy of endpoint vulnerabilities and affected blockchain architecture layers

A taxonomy of endpoint vulnerabilities and affected blockchain architecture layers

A Real-Time Hybrid Approach to Combat In-Browser Cryptojacking Malware

Do Charging Stations Benefit from Cryptojacking? A Novel Framework for Its Financial Impact Analysis on Electric Vehicles

Contact Info

Product

Resources

About