Thieves in the Browser
Autor: | Konrad Rieck, Marius Musch, Christian Wressnegger, Martin Johns |
---|---|
Rok vydání: | 2019 |
Předmět: |
021110 strategic
defence & security studies Cryptocurrency business.industry Computer science 0211 other engineering and technologies 02 engineering and technology computer.software_genre JavaScript Blacklist World Wide Web Parasitic computing Scripting language 020204 information systems 0202 electrical engineering electronic engineering information engineering Code (cryptography) Web application Revenue business computer computer.programming_language |
Zdroj: | ARES |
DOI: | 10.1145/3339252.3339261 |
Popis: | With the introduction of memory-bound cryptocurrencies, such as Monero, the implementation of mining code in browser-based JavaScript has become a worthwhile alternative to dedicated mining rigs. Based on this technology, a new form of parasitic computing, widely called cryptojacking or drive-by mining, has gained momentum in the web. A cryptojacking site abuses the computing resources of its visitors to covertly mine for cryptocurrencies. In this paper, we systematically explore this phenomenon. For this, we propose a 3-phase analysis approach, which enables us to identify mining scripts and conduct a large-scale study on the prevalence of cryptojacking in the Alexa 1 million websites. We find that cryptojacking is common, with currently 1 out of 500 sites hosting a mining script. Moreover, we perform several secondary analyses to gain insight into the cryptojacking landscape, including a measurement of code characteristics, an estimate of expected mining revenue, and an evaluation of current blacklist-based countermeasures. |
Databáze: | OpenAIRE |
Externí odkaz: |