Cryptojacking involves secretly using a victim's computing resources to mine cryptocurrencies without consent. Attackers can embed cryptojacking scripts on websites through vulnerabilities like cross-site scripting (XSS). When visitors access the infected sites, their browsers' CPUs are used to generate cryptocurrency for the attacker. Other cryptojacking methods include subdomain takeovers, network-level attacks by setting up rogue hotspots, and exploiting remote code execution bugs to install cryptojacking software. Website owners can prevent cryptojacking by fixing security issues, implementing content security policies and HTTPS, and monitoring CPU usage.
2. $Whoami (@vishwaraj101)
● An infosec student who loves to build and break stuff, also on both sides.
● An uncertified ASS (Application security specialist)
Note: Opinion and onions both are my own! I am not responsible for any of your actions! Demos are entirely for educational purposes.
3. cat agenda.txt
● Overview
● What is cryptocurrency ?
● What is cryptomining ?
● What is cryptojacking ?
● Various attacks on web application
● How to prevent yourself against such attacks ?
4. Overview
● With the boom in cryptocurrencies over the past few years, the flavor of web attacks is also changing. This talk explains some of the ways common web application vulnerabilities can be exploited around the web by bad guys to mine cryptocurrencies.
● Why are people crazy about it? Simple reason: money!
● There is also monetization: instead of using ads, websites can now monetize by dedicating visitors' CPU to mining. It is a result of the creativity around cryptocurrencies; the way the community is evolving and going places is amazing. The script lets any user dedicate their CPU to mining straight from the browser, hassle free. coinhive.com is one such example doing it in a good way; just check it out.
5. What is cryptocurrency ?
● A cryptocurrency (or crypto currency) is a digital asset designed to work as a
medium of exchange that uses cryptography to secure its transactions, to
control the creation of additional units, and to verify the transfer of assets.
● Cryptocurrencies are a type of digital currencies, alternative currencies and
virtual currencies.
● Cryptocurrencies use decentralized control as opposed to centralized electronic money and central banking systems. The decentralized control of each cryptocurrency works through a blockchain, which is a public transaction database, functioning as a distributed ledger.
6. What is cryptocurrency mining?
● Mining is the computer process of recording and verifying information on the
digital record known as the blockchain.
● As there is no central authority or central bank, there has to be a way of gathering every transaction carried out with a cryptocurrency in order to create a new block. Network nodes that carry out this task are dubbed 'miners'. Every time a slew of transactions is amassed into a block, this is appended to the blockchain. Whoever appends the block gets rewarded with some of that cryptocurrency.
● To prevent the devaluation of the currency by miners building lots of blocks, the task is made harder to conduct. This is achieved by making miners solve complicated mathematical problems called 'proof of work'.
7. What is cryptojacking ?
● Cryptojacking is defined as the secret use of your computing device to mine
cryptocurrency.
● In-browser cryptojacking can happen to any computing device that can run
JavaScript. This means your desktop, laptop and even mobile device could
be potential targets for in-browser cryptomining.
● When Cryptojacking scripts are deployed on high traffic websites - this yields
real returns. For example, a high traffic site like The Pirate Bay with 315
million views per month would only net around $12,000 per month based on
cryptojacking (Source).
● It is an emerging threat, much bigger and probably with a much larger impact than ransomware.
8. How does in-browser cryptojacking work ?
● Attacker tricks victims into loading cryptomining code onto their computers.
This is done through phishing-like tactics: Victims receive a legitimate-
looking email that encourages them to click on a link. The link runs code that
places the cryptomining script on the computer. The script then runs in the
background as the victim works.
Example : Coinhive mining script
9. India ranks 2nd in Asia-Pacific
● India is the ninth most affected country in the world and ranks second in
Asia-Pacific Japan region in cryptojacking activities, according to a report by
cybersecurity firm Symantec.
11. XSS with mining script
● The image above shows a general stored XSS attack in progress: the attacker injects malicious JavaScript, and when the victim visits that page they get hooked. The only difference here is that the attacker injects a mining script on an XSS-vulnerable page instead of the usual popup alert(1) or cookie-stealing JavaScript. Once the victim unknowingly visits the infected page, the victim's browser starts mining for the attacker!
● The next XSS is gonna cost you some CPU
12. Remote Code Execution Scenarios
1. Attacker finds a SQL injection bug in the website.
2. Exploits file uploads using ImageTragick, SVG files, favicon.ico etc.
3. Gains access to the admin panel.
4. Template injection (Jinja etc.)
5. Deserialization attacks ?
6. After getting command execution, the attacker backdoors the server with a cryptominer program, which starts mining and consumes the server's CPU and electricity.
13. Mining via Subdomain / CDN takeovers
1. Your company starts using a new service, eg an external Support Ticketing-
service.
2. Your company points a subdomain to the Support Ticketing-service, eg
support.yourdomain.com.
3. Your company stops using this service but does not remove the subdomain
redirection pointing to the ticketing system.
4. Attacker signs up for the service and claims the domain as theirs. No verification is done by the service provider, and the DNS is already set up correctly.
5. Attacker can now upload the mining script to the affected subdomain and exploit the company's customers for his own benefit. He can build a complete clone of the real site, add a login form, redirect the user, steal credentials (e.g. admin accounts) and cookies, and/or completely destroy business credibility for your company.
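The root cause in the steps above is a DNS record that outlives the service it pointed to, so the defensive check is an audit of the zone against the list of services still in use. The following is an added example, not part of the original slides; the zone export, provider suffixes and inventory are all constructed, and `auditZone` is a hypothetical helper name.

```javascript
// Added example: flag CNAME records that still point at a third-party
// service the company no longer has an account with. All data is constructed.
const zone = [ // constructed export of yourdomain.com records
  { name: 'www.yourdomain.com', type: 'A', target: '203.0.113.10' },
  { name: 'support.yourdomain.com', type: 'CNAME', target: 'yourco.ticketing.example.' },
  { name: 'status.yourdomain.com', type: 'CNAME', target: 'yourco.statuspage.example.' },
  { name: 'cdn.yourdomain.com', type: 'CNAME', target: 'd1234.cdn.example.' },
];

// Hypothetical inventory: provider suffix -> is there still an active account?
const inventory = { 'ticketing.example': false, 'statuspage.example': true };

// Lowercase and drop the trailing root dot so names compare reliably.
const norm = (h) => h.toLowerCase().replace(/\.$/, '');

// True when host equals suffix or sits under it on a label boundary,
// so "evilticketing.example" does not count as "ticketing.example".
const under = (host, suffix) => host === suffix || host.endsWith('.' + suffix);

function auditZone(records, ownDomain, services) {
  const findings = [];
  for (const rec of records) {
    if (rec.type !== 'CNAME') continue;
    const target = norm(rec.target);
    if (under(target, norm(ownDomain))) continue; // internal alias, not third party
    // Longest matching provider suffix wins.
    const provider = Object.keys(services)
      .filter((p) => under(target, norm(p)))
      .sort((a, b) => b.length - a.length)[0];
    if (provider === undefined) {
      // Points outside the company and nobody has recorded who owns it.
      findings.push({ name: rec.name, target, status: 'unknown-provider' });
    } else if (!services[provider]) {
      // Service was cancelled but the record remains: takeover candidate.
      findings.push({ name: rec.name, target, status: 'dangling' });
    }
  }
  return findings;
}

console.log(auditZone(zone, 'yourdomain.com', inventory));
```

Records reported as `dangling` should be deleted; `unknown-provider` records need an owner before they can be trusted.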
15. Network Level Attack
1. Hacker creates a fake public Wi-Fi hotspot.
2. Victim connects to that hotspot and starts surfing the internet.
3. Hacker starts a MITM attack and injects the mining script into the victim's traffic.
4. Victim starts mining for the attacker.
17. How to prevent yourself ?
For users:
1. Use browser extensions like Adblock, No coin miner and HTTPS Everywhere.
2. Check your CPU level while visiting any strange websites.
3. While connected to a wireless network never ignore SSL errors.
4. Remove suspicious browser extensions.
For website owners:
1. Do routine security assessments to fix vulnerabilities.
2. Implement CSP.
3. Implement HSTS (Strict Transport Security). This mechanism instructs the browser to always connect only via HTTPS and not HTTP.
4. Always use an SSL Certificate throughout the whole website. In other words,
make sure to host all your content such as pictures, files and videos on
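
For the "Implement CSP" item, the directives that matter against an injected miner are the ones governing script loading, outbound connections and workers. The following is an added example, not part of the original slides: a small linter that reports where a `Content-Security-Policy` header leaves those open. The function names and sample policies are constructed, and the checks cover only a subset of CSP.

```javascript
// Added example: lint a Content-Security-Policy header for the gaps an
// injected in-browser miner depends on. Sample policies are constructed.

// Fallback chains as defined by CSP Level 3.
const FALLBACK = {
  'script-src': ['script-src', 'default-src'],   // loading the miner script
  'connect-src': ['connect-src', 'default-src'], // connections back to a pool
  'worker-src': ['worker-src', 'child-src', 'script-src', 'default-src'],
};

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // A repeated directive is ignored by browsers: the first one wins.
    // Lowercasing is fine for linting; real nonce matching is case-sensitive.
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

function effectiveSources(policy, directive) {
  for (const name of FALLBACK[directive]) {
    if (policy.has(name)) return policy.get(name);
  }
  return null; // nothing governs this fetch type, so the browser allows it
}

function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  for (const directive of Object.keys(FALLBACK)) {
    const sources = effectiveSources(policy, directive);
    if (sources === null) {
      findings.push(`${directive}: unrestricted`);
    } else if (sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) {
      // "*" or a bare scheme such as "https:" or "wss:" admits any host.
      findings.push(`${directive}: wildcard or scheme-only source`);
    }
  }
  const script = effectiveSources(policy, 'script-src') || [];
  const pinned = script.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  // Browsers ignore 'unsafe-inline' when a nonce or hash is also listed.
  if (script.includes("'unsafe-inline'") && !pinned) {
    findings.push('script-src: inline script allowed');
  }
  return findings;
}
```

A policy such as `default-src 'none'; script-src 'self'; connect-src 'self'; worker-src 'none'` produces no findings, while `default-src *; script-src 'self' 'unsafe-inline' https:` produces four.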