Does Your Browser Block Cryptojacking Attacks?

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  

One of the most common attacks in 2018 has been the scourge of unauthorized cryptocurrency miners that run in the background on websites. It's an attack type that is increasingly referred to as "cryptojacking." In a cryptojacking attack, a cryptocurrency mining script is injected into a server or a web page to take advantage of a victim system's CPU power.

In our last article on cryptojacking, we detailed how to limit the risk of servers being coopted in an unauthorized cryptocurrency mining operation. In this article, you'll learn how to defend your desktop against in-browser cryptojacking attacks.

In-browser cryptojacking

The basic mechanics of in-browser cryptojacking are simple. With the in-browser approach, the cryptojacker injects a line of JavaScript, which then mines cryptocurrency in the browsers.

There are multiple tools and scripts used by websites for in-browser cryptocurrency mining, with the most popular being Coinhive. With Coinhive, a line of JavaScript can be embedded anywhere in site. Perhaps less well known is the fact that Coinhive also has a shortlink service that will trigger a cryptocurrency mining operation simply by clicking a shortened link.

So how do you block sites from consuming your CPU power with cryptocurrency miners? There are a few options.

Block JavaScript

The most obvious thing that can be done is to block all JavaScript for a given page or site. This is a particularly heavy-handed and often unrealistic option, though, as sites tend to also use JavaScript widely for legitimate purposes.

Blocking JavaScript can be done directly as a preference or configuration option in most modern browsers. Another more precise option is to use the NoScript script blocker add-on for Firefox, or the built-in script blocker in Brave, to try to specifically disable known cryptocurrency mining scripts.

Look for high resource utilization

Many modern browsers provide resource utilization metrics that can help pinpoint potential cryptocurrency mining activities. Simply put, if a certain browser tab has a high resource utilization (and it's not being used for a known high-resource task), that could be an indicator of a cryptocurrency miner at work.

Killing the tab process, or just closing the tab, will stop the mining activity.

Gateway protection

Cryptocurrency miners are known issues and often have well-understood characteristics. Multiple web gateway protection technologies provide site filtering rules that will block cryptocurrency miners at the gateway. For more, see eSecurity Planet's guide to 9 Top Secure Web Gateway Vendors.

Endpoint protection

Endpoint Detection and Response (EDR) tools also play a strong supporting role in identifying and blocking cryptojacking attacks on endpoints that come through in-browser scripts. EDR solutions offer continuous monitoring and response to advanced security threats. For a deeper look at EDR vendors, see eSecurity Planet's list of Top Endpoint Detection and Response Solutions and our EDR selection tool.

Browser security

Cryptocurrency mining protection capabilities are also available in different browsers to varying degrees.

The Opera web browser claims to include built-in cryptocurrency miner protection as of the Opera 50 release that debuted on Jan. 4. Opera's cryptocurrency projection is provided via the integration of the NoCoin tool. NoCoin is also available as an optional add-on for other web browsers, including Google Chrome and Mozilla Firefox.

The Brave web browser provides an integrated capability called "Shields" that provides ad-blocking and script blocking, plus anti-tracking features that can help limit the risk of cryptocurrency miners.

Both Google Chrome and Apple Safari have limited integrated ad-blocking capabilities that may be able to block some (but not all) cryptocurrency miners that come via ads.

In addition to NoCoin, there are multiple additional add-ons that can potentially block cryptocurrency miners from running in the browser.

Browser cryptojacking matrix

Testing

There are multiple tools and methods available to test web browsers to confirm that anti-cryptojacking tools are working. One such tool can be found at cryptojackingtest.com, hosted by Opera software.

Different cryptocurrency mining tools are becoming increasingly stealthy and deployment techniques are likely to evolve. Ultimately, as with all security, you have to be wary and use multiple technologies, including browser, endpoint and gateway-based solutions, to help limit the risk and nuisance of cryptocurrency miners consuming your valuable CPU resources.

Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.

Submit a Comment

Loading Comments...