Browser-based Cryptocurrency Mining Ramping Up

Our SOC has observed several cases of browser mining (also referred to as “cryptojacking”) as of late where javascript libraries are being utilized on various webpages to leverage their visitor’s web browsers for mining cryptocurrencies. What this means is that any website that you visit that has the javascript embedded into the page will use your computer’s resources for mining crypto currency while you remain on that website. Malware developers are also using this technique to inject the code into internet ads and compromised websites.

How does it affect me or my users?
The user is not infected with anything, but they may notice a significant performance impact just by simply visiting a website (or an ad) that calls and loads a mining script. Below is a test that our labs teamed performed by browsing to a website that had the coin-hive mining library embedded. As you can see, CPU resources spiked to 100% until the page was closed.

What can you do about it?

We have signatures to detect it and we’ll make our clients aware of the activity. If you have the capability to block or blacklist domains, we are recommending that you block the following.

jsecoin.com
coin-hive.com
coinhive.com
coinhave.com
minemytraffic.com
ppoi.org

By blocking these domains (known at the time of this writing), your users won’t be able to load the mining scripts.