FEATURED STORY

Hackers’ new front in web mining cryptocurrencies

Share
Share

ESET, a global leader in cybersecurity, has discovered a new tactic being used by cybercriminals to profiteer through the mining of cryptocurrencies on the web.

By using malware or potentially unwanted applications installed on the victim’s machine, cybercriminals have for several years taken advantage of cryptocurrency mining in order to realise a profit.

Now, ESET researchers have successfully analysed a special case of mining of cryptocurrencies – done directly within a user’s web browser using JavaScript.

Knowing that the default settings of most browsers include activated JavaScript, attackers can simply insert the mining script in websites such as video streaming, gaming and news sites that receive large amounts of traffic.

“It is easier to reach a significant number of victims by infecting websites than it is by infecting users’ machines. In this case, attackers were injecting scripts in high-traffic websites impacting mostly Russian, Ukrainian, Belarusian, Moldavian and Kazakh users,” explains Matthieu Faou, Malware Researcher at ESET.

To mine Feathercoin, Litecoin and Monero, attackers injected malicious JavaScript into video streaming and in-browser gaming websites, since their users tend to spend more time on the same webpage, which allowed the mining scripts to run longer and use more computing power.

“Although this method of mining is 1.5 to 2 times slower when compared to crypto coin mining with regular software, it  is counterbalanced by the potentially higher number of impacted users,” added Faou.

Some regulatory bodies consider mining cryptocurrencies on a user’s machine without consent equivalent to gaining access to the computer. Thus, developers of such services are expected to advertise it clearly before starting mining, but which rarely happens in these types of distribution scheme using malvertising.

ALSO SEE: ESET discovers new threat targeting gamers

To protect oneself against this kind of threat, ESET advices that users should enable detection of Potentially Unsafe Applications and Potentially Unwanted Applications (PUA) in ESET Internet Security, ESET NOD32 Antivirus and ESET Smart Security Premium solutions while also running regular updates.

One can also consider installing their preferred Ad blocker in their browsers. Additionally, one can also install a script blocker in their browser but which could however disable some websites functionalities.

 

Written by
BT Correspondent -

editor [at] businesstoday.co.ke

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us

Related Articles
Affordable Housing Project
FEATURED STORY

Govt Puts Up For Sale 4,888 Affordable Housing Units: Here’s The Full List And How To Buy

The government has put up for sale 4,888 affordable housing units across...

Geraldine Sande, Channel Sales Leader for Schneider Electric East Africa
FEATURED STORY

How Working With ‘Glocal’ Original Equipment Manufacturers Can Empower East Africa’s Channel Partners For Success

Channel partners in East Africa, including resellers, distributors, system integrators and panel...

Treasury CS John Mbadi
FEATURED STORY

Understanding Tax Amendment Bills: How The New Laws Will Affect Kenyans

The government has announced several amendments to the existing tax laws to...

Prime Cabinet Secretary and Cabinet Secretary for Foreign & Diaspora Affairs
FEATURED STORY

Inside Kenya’s 60 Years of Diplomatic Journey

Kenya is set to commemorate 60 years of diplomacy this week starting...