Cryptojacking: The new gold rush?
Tuesday, December 5, 2017
The crypto-gold rush continues to surge: many established currencies hit all-time highs in the last week, with Bitcoin crossing the $11,800 threshold and Ethereum $522, in what has become one of the most publicised markets around, if not the most stable.
Researchers from Malwarebytes found that the nefarious pop-up has “some functions that come straight from the Coinhive documentation, such as .hasWASMSupport”, but they also noted the stealthy aspect of the scheme: “the mining is being throttled to have a moderate impact on users’ machines so that it stays under the radar.”
Another researcher took on the challenge of quantifying the volume of compromised sites, eventually uncovering CoinHive code on 2496 e-commerce sites. Interestingly, as CoinHive requires a unique account ID to credit hashes to, further analysis of the infected stores revealed that 85 per cent are linked to just two CoinHive accounts, while the remaining 15 per cent are spread widely across multiple unique CoinHive accounts. Because the tag added to this remaining 15 per cent segment is consistent, the researcher concluded that the cryptojacking surge is down to just three groups or individuals.
“Some sites bluntly include the official coinhive.js file, others are more stealthy and include an iframe that points to siteverification.online. This site shows a default Debian installation page but includes a cryptominer nevertheless. Some others disguise as Sucuri Firewall…” he said in a blog post.
Recent data from Kaspersky Lab found that in the first nine months of 2017, cryptocurrency malware had infected more than 1.65 million endpoints, a rise of 608 per cent since 2013.
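The account-grouping analysis described above can be reproduced defensively over crawled page source; the following is an added example, not the researcher's code. It flags the two inclusion styles quoted (a coinhive.js script tag, or an iframe to siteverification.online) and counts infected sites per account ID. The sample pages, host names and keys are constructed, and the key pattern passed to the miner constructor is an assumption.

```python
import re
from collections import Counter

# Inclusion styles named in the article: the coinhive.js file itself, or an
# iframe pointing at siteverification.online.
SCRIPT_RE = re.compile(r'<script[^>]+src=["\'][^"\']*coinhive[^"\']*\.js', re.I)
IFRAME_RE = re.compile(r'<iframe[^>]+src=["\'][^"\']*siteverification\.online', re.I)
# Account ID (site key) handed to the miner constructor. Assumption: keys are
# alphanumeric and passed as the first quoted argument.
KEY_RE = re.compile(r'CoinHive\.(?:Anonymous|User)\(\s*["\']([A-Za-z0-9]+)["\']')

def scan_page(html):
    """Return (set of inclusion styles, set of account IDs) for one page."""
    styles = set()
    if SCRIPT_RE.search(html):
        styles.add("script")
    if IFRAME_RE.search(html):
        styles.add("iframe")
    return styles, set(KEY_RE.findall(html))

def group_by_account(pages):
    """Count infected sites per account ID.

    A site that loads a miner without exposing a key in its own source
    (the iframe case) is counted under None so it is not silently dropped.
    """
    counts = Counter()
    for html in pages.values():
        styles, keys = scan_page(html)
        if not styles and not keys:
            continue  # no miner indicators on this page
        for key in keys or {None}:
            counts[key] += 1
    return counts

# Constructed sample input (hypothetical hosts and keys).
SAMPLE_PAGES = {
    "shop-a.example": '<script src="https://cdn.example/coinhive.min.js"></script>'
                      "<script>new CoinHive.Anonymous('EXAMPLEKEYAAAA').start();</script>",
    "shop-b.example": "<script src='/js/coinhive.js'></script>"
                      '<script>var m = new CoinHive.Anonymous("EXAMPLEKEYAAAA");</script>',
    "shop-c.example": '<iframe src="https://siteverification.online/"></iframe>',
    "shop-d.example": "<html><body><h1>Checkout</h1></body></html>",
    "shop-e.example": '<script src="/assets/coinhive.js"></script>'
                      "<script>new CoinHive.User('EXAMPLEKEYBBBB', 'u1').start();</script>",
}

if __name__ == "__main__":
    for key, n in group_by_account(SAMPLE_PAGES).most_common():
        print(key or "<key not visible in page source>", n)
```

A large share of infected sites collapsing onto a handful of keys is the pattern the researcher reported; pages counted under None need the framed document fetched and scanned separately.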
The cryptojacking trend has already had a significant impact on the app world, especially Android apps on Google Play, which are tempting targets for attackers due to their availability and massive user base. A number of apps compromised with versions of CoinHive were reported recently, while research from High-Tech Bridge found that more than 90 per cent of apps tested may be vulnerable.
Ilia Kolochenko, CEO of High-Tech Bridge, said that blockchain technologies - including cryptocurrencies - often gave users a false sense of security. “The blockchain technology used for cryptocurrencies (and many other purposes) can be considered quite mature and reliable if properly implemented. Particular cryptocurrencies may have complicated logic errors in their implementation and design, allowing unwarranted manipulations with the currency. However, such flaws are very rare, hard to detect and exploit.”
“However, when speaking about all the technologies above – like exchange platforms – they are just common IT systems and inherit the entire spectrum of cybersecurity risks and perils. If anyone has access to your digital wallet and s/he is hacked, no blockchain will help. Moreover, it will likely exacerbate the problem as the illicit transaction will be virtually uncancellable. We cannot use blockchain in isolation from all other technologies, and therefore we shall carefully assess and mitigate tangential and contiguous risks.”
Researchers from High-Tech Bridge recently tested the most popular cryptocurrency mobile applications in the ‘Finance’ category on Google Play with a vulnerability scanner, Mobile X-Ray, a free online service with SAST, DAST and IAST capabilities for native and hybrid Android and iOS applications.
The results were shocking: among apps that have seen more than half a million downloads, 94 per cent still had at least three medium-risk vulnerabilities...