New Frontiers In Cryptojacking
Rishikesh Bhide & Tejas Girme, Qualys
This paper presents a thorough analysis of the evolution of cryptominers, their infection mechanisms and the evasion techniques used to perform cryptomining attacks. We will also discuss ongoing advancements in detection techniques for effectively blocking browser-based mining threats. The key points we will cover are:
- Infection vectors
  - Exploiting vulnerable websites
  - Third-party services
  - Mining via browser extension
- Evasion techniques
  - Hosting behind a proxy
  - Leveraging content delivery services such as Pastebin and GitHub
  - Obfuscation and dynamic injection
We will also present case studies focusing on active cryptojacking campaigns. We have evaluated the impact and spread of these campaigns based on supporting data we gathered and analyzed over the past several months, and we will present that data and analysis to the audience.
Rishikesh Bhide is a Senior Developer at Qualys Malware Research Lab.
He has experience in developing anti-malware technologies and network security products. His current responsibilities at Qualys include the design and development of the Qualys Malware Detection Service and the Qualys CoinBlocker Extension. He is a part-time ethical hacker and has made several responsible disclosures related to AV and IoT products. He also works on IoT hobby projects using ESP and Raspberry Pi.
Tejas Girme is a Malware Researcher at Qualys. He has expertise in tracking and analyzing active malware threats; recently, he has been tracking ransomware and cryptominer threats. Prior to Qualys, he worked as a Threat Research Engineer with Quick Heal Security Labs. He has over 5 years of experience in malware analysis and reverse engineering.