Thieves in the Browser
| Autor: | Konrad Rieck, Marius Musch, Christian Wressnegger, Martin Johns |
|---|---|
| Rok vydání: | 2019 |
| Předmět: |
021110 strategic
defence & security studies Cryptocurrency business.industry Computer science 0211 other engineering and technologies 02 engineering and technology computer.software_genre JavaScript Blacklist World Wide Web Parasitic computing Scripting language 020204 information systems 0202 electrical engineering electronic engineering information engineering Code (cryptography) Web application Revenue business computer computer.programming_language |
| Zdroj: | ARES |
| Popis: | With the introduction of memory-bound cryptocurrencies, such as Monero, the implementation of mining code in browser-based JavaScript has become a worthwhile alternative to dedicated mining rigs. Based on this technology, a new form of parasitic computing, widely called cryptojacking or drive-by mining, has gained momentum in the web. A cryptojacking site abuses the computing resources of its visitors to covertly mine for cryptocurrencies. In this paper, we systematically explore this phenomenon. For this, we propose a 3-phase analysis approach, which enables us to identify mining scripts and conduct a large-scale study on the prevalence of cryptojacking in the Alexa 1 million websites. We find that cryptojacking is common, with currently 1 out of 500 sites hosting a mining script. Moreover, we perform several secondary analyses to gain insight into the cryptojacking landscape, including a measurement of code characteristics, an estimate of expected mining revenue, and an evaluation of current blacklist-based countermeasures. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|