A First Look at Browser-Based Cryptojacking

Shayan Eskandari, Andreas Leoutsarakos, Troy Mursch, Jeremy Clark
{"title":"A First Look at Browser-Based Cryptojacking","authors":"Shayan Eskandari, Andreas Leoutsarakos, Troy Mursch, Jeremy Clark","doi":"10.1109/EuroSPW.2018.00014","DOIUrl":null,"url":null,"abstract":"In this paper, we examine the recent trend to- wards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code- bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency—typically without her consent or knowledge—and pays out the seigniorage to the website. Websites may consciously employ this as an alternative or to supplement advertisement revenue, may offer premium content in exchange for mining, or may be unwittingly serving the code as a result of a breach (in which case the seigniorage is collected by the attacker). The cryptocurrency Monero is preferred seemingly for its unfriendliness to large-scale ASIC mining that would drive browser-based efforts out of the market, as well as for its purported privacy features. In this paper, we survey this landscape, conduct some measurements to establish its prevalence and profitability, outline an ethical framework for considering whether it should be classified as an attack or business opportunity, and make suggestions for the detection, mitigation and/or prevention of browser-based mining for non- consenting users.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"129","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EuroSPW.2018.00014","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 129

Abstract

In this paper, we examine the recent trend to- wards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code- bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency—typically without her consent or knowledge—and pays out the seigniorage to the website. Websites may consciously employ this as an alternative or to supplement advertisement revenue, may offer premium content in exchange for mining, or may be unwittingly serving the code as a result of a breach (in which case the seigniorage is collected by the attacker). The cryptocurrency Monero is preferred seemingly for its unfriendliness to large-scale ASIC mining that would drive browser-based efforts out of the market, as well as for its purported privacy features. In this paper, we survey this landscape, conduct some measurements to establish its prevalence and profitability, outline an ethical framework for considering whether it should be classified as an attack or business opportunity, and make suggestions for the detection, mitigation and/or prevention of browser-based mining for non- consenting users.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
首先看看基于浏览器的加密劫持
在本文中,我们研究了最近向浏览器内挖掘加密货币的趋势;特别是通过Coinhive和类似的代码库挖掘门罗币。在这个模型中,访问网站的用户将下载一段JavaScript代码,该代码在她的浏览器中执行客户端,挖掘一种加密货币——通常不需要她的同意或知情——并向网站支付铸币税。网站可能会有意识地将其作为替代方案或补充广告收入,可能会提供优质内容以换取挖掘,或者可能会在不知情的情况下提供代码作为破坏的结果(在这种情况下,铸币税被攻击者收集)。加密货币门罗币之所以受到青睐,似乎是因为它对大规模ASIC挖矿不友好,而大规模ASIC挖矿会将基于浏览器的挖矿挤出市场,此外它还具有所谓的隐私功能。在本文中,我们对这一情况进行了调查,进行了一些测量以确定其普遍性和盈利能力,概述了一个道德框架,用于考虑将其归类为攻击还是商业机会,并为检测、缓解和/或防止针对未经同意的用户的基于浏览器的挖掘提出建议。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
FP -TESTER : Automated Testing of Browser Fingerprint Resilience The Secret Processor Will Go to the Ball: Benchmark Insider-Proof Encrypted Computing The Impact of Uncle Rewards on Selfish Mining in Ethereum Privacy Compliance Via Model Transformations Inferring OpenVPN State Machines Using Protocol State Fuzzing
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1