Based on extensive research from Qualys Malware Research Labs, Qualys is announcing Qualys BrowserCheck CoinBlocker, a new Google Chrome browser extension to protect users from browser-based coin mining attacks. Cryptomining is a rising online threat that is expected to grow as digital currencies and blockchain technologies are getting wider acceptance. The attacker is employing various techniques to use unsuspecting users’ systems for malicious purposes.
Cryptojacking has gone mainstream recently because it is safer for cybercriminals and webmasters than ransomware, which requires interaction with the victim to collect payment. And because crypto jacking is browser-based, it is easier to infect victims than hacking into servers. As crypto mining becomes more resource-intensive over time in terms of computing power and electricity consumption required, stealing those resources is becoming more enticing to attackers.
The resource-intensive mining process is carried out on victim systems typically consumes more than 70% of CPU, that reduces system performance, increases power consumption and can cause possible permanent damage to the system. Because crypto jacking helps attackers earn cryptocurrency without spending a dime on mining infrastructure, it is very profitable. The overall cryptocurrency market capitalization has reached more than $270 billion as of July 2018 with more than 1700 active projects.
There is a lot of money to be made for attackers leveraging these projects, and crypto mining are gradually moving to the centre stage of threat landscape as an even more attractive option compared to the recent favourite ransomware campaigns.