A Retrospective Analysis of User Exposure to (Illicit) Cryptocurrency Mining on the Web release_bppfkknqrvbojfqqwtlprmowna

by Ralph Holz and Diego Perino and Matteo Varvello and Johanna Amann and Andrea Continella and Nate Evans and Ilias Leontiadis and Christopher Natoli and Quirin Scheitle

Released as a article .

2020  

Abstract

In late 2017, a sudden proliferation of malicious JavaScript was reported on the Web: browser-based mining exploited the CPU time of website visitors to mine the cryptocurrency Monero. Several studies measured the deployment of such code and developed defenses. However, previous work did not establish how many users were really exposed to the identified mining sites and whether there was a real risk given common user browsing behavior. In this paper, we present a retroactive analysis to close this research gap. We pool large-scale, longitudinal data from several vantage points, gathered during the prime time of illicit cryptomining, to measure the impact on web users. We leverage data from passive traffic monitoring of university networks and a large European ISP, with suspected mining sites identified in previous active scans. We corroborate our results with data from a browser extension with a large user base that tracks site visits. We also monitor open HTTP proxies and the Tor network for malicious injection of code. We find that the risk for most Web users was always very low, much lower than what deployment scans suggested. Any exposure period was also very brief. However, we also identify a previously unknown and exploited attack vector on mobile devices.
In text/plain format

Archived Files and Locations

application/pdf  265.7 kB
file_wjjnjmpitbb3tndpyuwnitu46m
arxiv.org (repository)
web.archive.org (webarchive)
Read Archived PDF
Preserved and Accessible
Type  article
Stage   submitted
Date   2020-04-28
Version   v1
Language   en ?
arXiv  2004.13239v1
Work Entity
access all versions, variants, and formats of this works (eg, pre-prints)
Catalog Record
Revision: 7c21e62c-3fa6-4d20-9bb5-991ae4841418
API URL: JSON