“It is easier to reach a significant number of victims by infecting websites than it is by infecting users’ machines. In this case, attackers were injecting scripts in high-traffic websites impacting mostly Russian, Ukrainian, Belarusian, Moldavian and Kazakh users,” explains Matthieu Faou, Malware Researcher at ESET.
“This method of mining is less effective as it tends to be 1.5 to 2 times slower when compared to mining with regular software, but that is counterbalanced by the higher number of impacted users” adds Faou.
Some regulatory bodies consider mining cryptocurrencies on a user’s machine without consent equivalent to gaining access to the computer. Thus, developers of such services should advertise it clearly before starting mining, which is clearly not the case in a distribution scheme using malvertising.
Here are few tips from Matthieu Faou for protecting against this kind of threat:
- Enable detection of Potentially Unsafe Applications and Potentially Unwanted Applications (PUA) in ESET Internet Security/ ESET NOD32 Antivirus / ESET Smart Security Premium. Follow our simple instructions to set it up yourself here.
- Keep your internet security solution up-to-date. Check for the latest update of ESET Windows home products here.
- Install an ad blocker in the browser(s) you use such as uBlock.
- Additionally, you can install a script blocker such as NoScript. Be aware that installing script blocker in your browser could disable some websites functionalities.
For more details about Cryptocurrency web mining, please follow the analysis titled Cryptocurrency web mining: in union there is profit on WeLiveSecurity.com.