Improved Methods for Avoiding In-browser Miner Detection

Hackers are certainly never the stupid ones. Whenever they create new malware, it amazes us. When the world learns to counter it, they improve it or write another piece of malware to breach the system. That is what is happening with cryptojacking: using other people's hardware resources to mine cryptocurrency and earn money without paying the electricity bill. In-browser mining tools are already in action, but hackers have found better techniques to hide the mining process from the system watchdogs.

Cryptojacking has become the hottest malware trend of recent days. Hackers don't need to break into your bank account. Instead, they can simply use your PC to make money. You pay for the energy consumption and the hackers get their money free of charge. Since the trend emerged, a lot of security software (antivirus, ad blockers, browser extensions, etc.) has become able to detect and block cryptojacking scripts. Previously, the miner was loaded as JavaScript code associated with cryptojacking servers.

Hackers have now found ways to work around the blocking and mine freely. Using proxy servers, crooks are able to inject the mining code into your browser.

Proxy servers helping to evade detection

The most widespread and popular workaround is deploying a "cryptojacking proxy server". An example is available on GitHub, named CoinHive Stratum Mining Proxy.

These proxies allow hackers to host the mining code on their own server (instead of the CoinHive, DeepMiner or CryptoLoot servers) and load it as anonymous JavaScript code. As you guessed, the CoinHive, DeepMiner and CryptoLoot servers are the ones blocked by security programs by default.

Secondly, the proxies let hackers use a custom mining pool, which detaches the mining process from the parent cryptojacking service. For example, this ensures that no fee is paid to CoinHive.

Because of these advantages, hackers now tend to use such proxies as a defensive layer for their miners. Two security vendors, Malwarebytes and Sucuri, have been tracking such attacks in recent months.

The only way to identify the illegal mining is to check your system's performance. If CPU or GPU usage is very high, that is a sign that a cryptojacking process is running. You can use Task Manager (on Windows), System Monitor (on Linux) or any similar program to check CPU usage regularly for suspicious activity.
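The CPU check described above can be automated on Linux. The following is an added example, not code from the article: it samples `/proc/<pid>/stat` for browser processes and flags those whose CPU use stays high across consecutive samples. The process names, the 80% threshold, the three-sample streak and the sampling interval are assumptions to adjust for your system.

```python
import os
import time

# Assumed "comm" names of common Linux browser processes; adjust as needed.
BROWSER_NAMES = ("firefox", "chrome", "chromium", "Web Content", "Isolated Web Co")
THRESHOLD = 80.0  # percent of one core (assumed cut-off)
SUSTAINED = 3     # consecutive high samples before flagging (assumed)

def parse_stat(line):
    """Return (comm, cpu_ticks) from one /proc/<pid>/stat line."""
    # comm is in parentheses and may contain spaces or ')', so split on the
    # LAST ')' rather than on whitespace.
    left, right = line.rsplit(")", 1)
    fields = right.split()
    # fields[0] is the state (field 3); utime/stime are fields 14 and 15.
    return left.split("(", 1)[1], int(fields[11]) + int(fields[12])

def cpu_percent(ticks_before, ticks_after, seconds, hz):
    """CPU use over the interval, as a percentage of one core."""
    return 100.0 * (ticks_after - ticks_before) / (hz * seconds)

def sustained_high(samples, threshold=THRESHOLD, run=SUSTAINED):
    """True if `run` consecutive samples are at or above the threshold."""
    streak = 0
    for value in samples:
        streak = streak + 1 if value >= threshold else 0
        if streak >= run:
            return True
    return False

def snapshot():
    """Map pid -> (comm, ticks) for every running browser process."""
    procs = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/stat") as fh:
                comm, ticks = parse_stat(fh.read())
        except (OSError, ValueError, IndexError):
            continue  # process exited between listing and reading
        if comm in BROWSER_NAMES:
            procs[pid] = (comm, ticks)
    return procs

def watch(interval=1.0, rounds=5):  # short demo values; raise for real use
    hz, history, before = os.sysconf("SC_CLK_TCK"), {}, snapshot()
    for _ in range(rounds):
        time.sleep(interval)
        after = snapshot()
        for pid in after.keys() & before.keys():
            pct = cpu_percent(before[pid][1], after[pid][1], interval, hz)
            history.setdefault(pid, []).append(pct)
            if sustained_high(history[pid]):
                print(f"pid {pid} ({after[pid][0]}): sustained high CPU ({pct:.0f}%)")
        before = after

if __name__ == "__main__":
    watch()
```

A flagged browser process only tells you which browser is busy; the browser's own task manager then shows which tab or extension is responsible.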

Hackers recently succeeded in earning $75,000 from a newly discovered campaign. Learn more about how hackers earned the money using a 5-year-old exploit.
