Under Attack?
Search
Menu
  • Blog
  • Security
  • Drive-By Cryptomining: Another Way Cyber-Criminals Are Trying to Evade Detection

Drive-By Cryptomining: Another Way Cyber-Criminals Are Trying to Evade Detection

By Fabio PalozzaAugust 1, 2018

By the end of the last year, we saw a drastic rise in drive-by cryptocurrency mining activities and it is quite alarming to note that cyber-criminals are getting smarter and smarter day-by-day at avoiding detection. Interestingly, cyber-criminals can deploy drive-by cryptocurrency mining to target a much wider audience compared to what they would typically achieve by delivering malware-based miners to machines.

However, drive-by activities have a shorter period of impact, which means that mining activities will be interrupted once a user leaves the malicious website or chooses to close the malicious tab. While this may pose a major constraint for cyber-criminals, they have successfully addressed this shortcoming by using pop-unders, which are frequently used to launch fraudulent ads. Alarmingly, malicious pop-under tabs that have malicious codes embedded in them are launched right under the taskbar, thereby preventing users from even discovering their presence. This means that the mining activities will continue unhindered until the users shut down their systems. To make things worse, cyber-criminals have started masking their codes to prevent detection.

[You might also like: Accessing Your Crypto Wallet Through Android Devices?]

Apart from using pop-unders to facilitate constant mining activities, cyber-criminals have also been discovering innovative ways to continue malicious mining activities for prolonged periods. One of the most pronounced examples is how cyber-criminals are making use of ambushed browser extensions to deliver codes in every web session.

Last year in September, Coinhive was introduced to promote mining of the Monero currency on a web browser. The platform allowed for easy API integration, which contributed to its instant success, but very soon, cyber-criminals used the service to promote malicious mining activities. The platform API was not safeguarded by any security solution so it could be used to launch drive-by mining attacks very easily. What you need to know is that apart from JavaScript, there are additional ways to mine currencies within the browser. In this regard, we can cite the example of a new format called WebAssembly, which is being used to a larger extent mainly because of the fact that the WebAssembly modules can be made to run at a faster speed, which is what makes them a better option than JavaScript.

Stay tuned for Part 5 of our crypto-currency mining series, coming soon!

Read the “2018 C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts” to learn more.

Download Now

Posted in: SecurityTags:

Fabio Palozza

Fabio is Technical Director EMEA-CALA, responsible for Systems Engineering in the theater. With a long experience, he began his career in software development for aerospace systems before getting into IT vendor ecosystem with Bay Networks/Nortel and Juniper Networks, up to being Technical Director EMEA for the Telecom, Cloud and Content businesses. Fabio writes about technology strategy, trends and implementation.

Related Articles

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Contact Us Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
Close

What are you looking for?