New Frontiers In Cryptojacking
Rishikesh Bhide & Tejas Girme, Qualys
In recent months, Cryptojacking attacks have gone mainstream mainly due to its ability to monetize in comparatively easy, effortless and scalable manner, which wasn’t the case with ransomwares. During initial days, attackers were exploiting vulnerabilities in popular websites to host JavaScript based miners. As security products started identifying cryptominers as a major threat, browser-based miners started evolving their techniques to be more evasive. We have been tracking active cryptojacking threats across the globe in past several months and have analyzed how cryptominers have evolved over the course of time.
This paper presents a thorough analysis of evolution of cryptominer, their infection mechanisms and evasion techniques used to perform cryptomining attacks. We will also talk about ongoing advancements in detection techniques for effective blocking of browser-based mining threats. Following are the key points we will touch upon:
- Infection vectors
- Exploiting vulnerable websites
- Third party services
- Mining via browser extension
- Evasion techniques
- Hosting behind proxy
- Leveraging content delivery services like pastebin & github
- Obfuscation & dynamic injection
We will also be presenting some case studies which will focus on active cryptojacking campaigns. We have evaluated the impact & spread of these active campaigns based on supporting data which we have gathered and analyzed in past several months. We will present the data & analysis to the audience.
Rishikesh Bhide
Rishikesh Bhide is Senior Developer at Qualys Malware Research Lab.
He has experience in developing Anti-Malware technologies & Network Security products. His current responsibility at qualys includes design & development of Qualys Malware Detection Service & Qualys CoinBlocker Extension. He is a part time ethical hacker & has done several responsible disclosures related to AV & IoT products. He also works on IoT hobby projects using ESP & Raspberry Pi.
Tejas Girme
Tejas Girme is a Malware Researcher at Qualys. He has expertise in tracking and analyzing active malware threats. In recent time, he has been tracking Ransomware and CryptoMiner threats. Prior to Qualys, he has worked as Threat Research Engineer with Quick Heal Security Labs. He has total experience of 5+ years in malware analysis and reverse engineering.