Cryptojacking, an attempt to use a device’s spare computing power to mine digital currencies, is gaining ground ever since crypto assets started getting mainstream acceptance. Researchers from China’s Fudan University and Tsinghua University collaborated with the University of California Riverside to produce the first systematic study of these attacks. The researchers claim that cryptojackers are becoming more sophisticated over time, and it appears that the trend will not stop, at least not in the near future.
Measuring the Extent of Cryptojacking
The study paves the way for a systematic approach to understanding cryptojacking. Researchers used CMTracker, a cryptojacking detector, to monitor over 850,000 websites. The study suggests that existing survey methods could not identify at least 53.9 percent of the identified cryptojacking samples. This is because existing approaches assume that cryptojacking web pages exhaust users’ CPU resources or contain malicious payload signatures in keywords. The blacklisting methodology used currently was described as “both incomplete and inaccurate.”
CMTracker, however, depends on two behavior-based profilers. One is the hash-based profiler, which detects automated mining scripts. The other is the stack-structure profiler, which monitors a website’s calling stack. When a website spends over 10 percent of its execution time on hashing, it is reported as a crypto miner. This methodology helps in catching sophisticated miners instead of the obvious ones.
On the other hand, the stack-structure profiler proves to be handy when hackers bypass hash-based profiling. Stack structure relies on patterns that are identified when single or multiple threads are created. This is another way of identifying crypto miners. The researchers further confirm the results by doing a final check manually.
What Do the Results Suggest?
Thirty-five websites identified during the study were classified as benign because they sought implicit agreement from users. Of the top 100,000 sites rated by Alexa, the CMTracker found 868 domains containing cryptojacking. And after a further evaluation of external links, which includes 548,264 distinct domains from the 100,000 top sites rated by Alexa, 2,700 were found to be cryptojacking sites.
Cryptojacking activities have increased by a whopping 260 percent in just five months within the period November 2017 to April 2018. The websites most affected by these attacks are those serving adult content, as well as arts and entertainment websites. Ideally, the more time a person spends on a website, the better it is for the hackers.
The researchers estimate that hackers could be gaining $1.7 million from over 10 million users every month by mining Monero. It also increases energy consumption significantly as 278,000 kWh of extra power units are consumed every day. This much electricity can be used to power a small town of 9,000 people.