A look into the global drive-by cryptocurrency mining phenomenon [source: malwarebytes]

08 Nov 2017

No Comments

1373

An important milestone in the history of cryptomining happened around mid-September when a company called Coinhive launched a service that could mine for a digital currency known as Monero directly within a web browser.

JavaScript-based mining is cross-platform compatible and works on all modern browsers. Indeed, just about anybody visiting a particular website can start mining for digital currency with eventual profits going to the owner’s wallet (in the best case scenario). In itself, browser-based cryptomining is not illegal and could be seen as a viable business model to replace traditional ad banners.

To differentiate browser-based mining from other forms of mining, many started to label these instances as JavaScript miners or browser miners. The simplicity of the Coinhive API integration was one of the reasons for its immediate success, but due to several oversights, the technology was almost instantly abused.

However, many web portals started to run the Coinhive API in non-throttled mode, resulting in cases of cryptojacking—utilizing 100 percent of the victims’ CPU to mine for cryptocurrency with no knowledge or consent given by the user.

We decided to call this new phenomenon drive-by mining, due to the way the code is delivered onto unsuspecting users, very much like drive-by downloads. There’s one important caveat, though: There is no malware infection at the end of the chain.

For more, click here.