The add-ons, themselves, could be used to deliver potential malware, modify the web page content, perform file execution, etc. Threats like these indicate the need to be proactive in educating the users of the system to secure their browsers. Browser extensions like “No Coin” are available on Google Chrome and Firefox.Such behavior could indicate that you are affected by cryptojacking by that site Use the Task Manager (Windows) or Activity Monitor (Mac OS X) utilities to monitor for sudden spikes in resource usage when visiting a given website.The visitor’s computer’s performance may degrade over time as system resources are reallocated to mining processes.If a user visits multiple sites with this kind of injected script and opens them in multiple tabs, then his system resources can be exhausted.This would call for data protection and privacy laws to be revisited Gaining access to a user’s resources without his consent is deemed illegal in many regions including European Union.Note that even with an opt-in approach, potential issues, such as computer wear and tear, cannot be ruled out Cryptojacking is not only a threat but a theft when no opt-in/opt-out mechanism is provided to the user.Some reasons as to why this is unethical and dangerous: While one of the legitimate miners eventually stated that they would ensure that users are notified that their computers were being used to mine cryptocurrency, it still casts a doubt on the efficacy of this approach. Of greater concern, malicious actors have copied and injected the JavaScript into popular websites to take advantage of the sites’ large userbases. Some of the legitimate script miners have received negative press because they didn’t provide an opt-in or opt-out option to the visitors of web sites that run their mining technologies. The diagram below illustrates how one threat actor can use a few lines of JavaScript code to hijack a multitude of innocent users’ computation power to make money mining cryptocurrency. One legitimate script miner states that a website that gets a million visitors in a month may earn up to an average of $116 worth of Monero. The malicious user can start the process of mining and make free money!!!! The malicious user plants a JavaScript on the web browser that uses up the CPU cycles to mine cryptocurrencies. In an enterprise environment, this could equate to significant costs if large numbers of its machines fell victim to cryptojacking. In addition to ignoring end-user consent, cryptojacking can cause wear and tear on their machine, potentially effecting the machine’s lifespan and performance. The concept of “end-user” consent is not enforced which raises serious ethical concerns on this issue. Ideally, it could be termed “theft of computing resources.” The websites make money at the expense of the user’s computing power. What makes this attack stealthy and nasty is the fact that for the most part the end user is not even aware that this is happening to him. In effect, time and CPU resources are used to generate money. This is a new kind of menace in which malicious users or the hosts of a given website try to capture the visitor’s computer CPU cycles to mine cryptocurrency like Bitcoin or Monero.Ĭryptocurrencies are generally reliant on users “mining” – or dedicating CPU resources to solving a complex algorithm – to create new units. Your internet connection is slower than usual, your PC is also very slow, and you notice that your CPU fan is running faster when you are on a given website.Īll the above symptoms indicate that you could be a victim of cryptojacking.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |