2 Minute Threat Brief: Browser Cryptocurrency Mining

Eila Shargh

Category: Threat Brief

Cybercriminals have embraced the anonymous nature of cryptocurrency as a new preferred method of profit. Unit 42 released details about attackers hijacking web browsers to mine for compute resources and exchange for cryptocurrency. With the increasing value of cryptocurrency, such as bitcoin and Ethereum, and a better business model with higher returns than malware– and exploit-type attacks, it’s no surprise these types of attacks are becoming more commonplace.

How It Works

Cybercriminals will compromise a website and abuse a legitimate tool on that site to gain access to the compute resources of site visitors’ systems. Using this access, attackers will essentially steal compute resources and exchange them for cryptocurrency credit. This all occurs without the users’ consent or knowledge throughout the duration of their site visits.

The malicious activity itself doesn’t cause long-term damage to systems, and ends as soon as users leave the malicious or compromised site. Additionally, the site will still provide users with its normal, intended functionality. However, users likely experience a noticeable slowdown in system performance.

How to Defend Against It

If you believe your system is being affected by this type of attack, leaving the site or closing your browser will, in most cases, end the attack. Additionally, you should practice good cybersecurity hygiene. This means avoiding unfamiliar websites, clicking on links or downloading attachments from unknown email senders, keeping products updated with the latest security patches, enabling multi-factor authentication, and using reputable security products.

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.

© 2018 Palo Alto Networks, Inc. All rights reserved.