A Retrospective Analysis of User Exposure to (Illicit) Cryptocurrency Mining on the Web
by Ralph Holz, Diego Perino, Matteo Varvello, Johanna Amann, Andrea Continella, Nate Evans, Ilias Leontiadis, Christopher Natoli, and Quirin Scheitle
2020
Abstract
In late 2017, a sudden proliferation of malicious JavaScript was reported on
the Web: browser-based mining exploited the CPU time of website visitors to
mine the cryptocurrency Monero. Several studies measured the deployment of such
code and developed defenses. However, previous work did not establish how many
users were really exposed to the identified mining sites and whether there was
a real risk given common user browsing behavior. In this paper, we present a
retroactive analysis to close this research gap. We pool large-scale,
longitudinal data from several vantage points, gathered during the prime time
of illicit cryptomining, to measure the impact on web users. We leverage data
from passive traffic monitoring of university networks and a large European
ISP, with suspected mining sites identified in previous active scans. We
corroborate our results with data from a browser extension with a large user
base that tracks site visits. We also monitor open HTTP proxies and the Tor
network for malicious injection of code. We find that the risk for most Web
users was always very low, much lower than what deployment scans suggested. Any
exposure period was also very brief. However, we also identify a previously
unknown and exploited attack vector on mobile devices.
arXiv: 2004.13239v1