Browser-based cryptojacking is back as attacks spike 163%

Published at: Aug. 26, 2020

The crypto price surge since March has been accompanied by a wave of cryptojacking attacks, according to new research published by cybersecurity firm Symantec.

According to the company, there was a 163% increase in browser-based cryptojacking activity in the second quarter of 2020. Cryptojacking had previously been in a steep decline from March 2019 due to the shutdown of the mining script maker, CoinHive.

Symantec points out the increase in the last quarter coincided with a surge in the value of Bitcoin (BTC) and Monero (XMR), two cryptocurrencies often mined by the threat actors that rely on browser-based cryptojacking malware.

Cryptojacking saw a period of high activity from September 2017 to March 2019, becoming one of the most prevalent forms of cyber-attack at that time. But in 2019, the CoinHive project reportedly became economically inviable. Per the announcement, the mining service stopped its operations on March 8, 2019. Among the reasons behind the closure, the developers noted a 50 percent drop in hash rate following the last Monero hard fork.

During an interview with Cointelegraph on August 01, Josh Lemos, VP of research and intelligence at BlackBerry, said that crypto miners don’t need to be sophisticated and can be delivered in various ways:

“From JavaScript running on a website as a watering hole attack or embedded in a spear-phishing email to supply chain attacks with miners embedded in docker hub images and malicious browser extensions.”

However, in a recent report, ZDNet suggested that the current increase in attacks was unlikely to be sustained.

“Most cybercrime groups who experimented with cryptojacking operations in the past usually dropped it weeks later, as they also discovered that browser-based cryptocurrency-mining was both a waste of their time and too noisy, drawing more attention to their respective operations than profits.”
