Introduction:
Cryptocurrency is a digital asset designed to work as a medium of exchange using cryptography to secure the transactions and to control the creation of additional units of the currency. One of the most popular cryptocurrency today is the Bitcoin. New units of cryptocurrency are generated by “mining” for them using miners. Users can do this on their own free-will utilizing self controlled hardware and software. Graphical Processing Units (GPUs) and processors have been traditionally used to mine cryptocurrencies. Bitcoins are mined using specialized ASIC (Application Specific Integrated Circuit) hardwares. Monero, another cryptocurrency is special in the sense that it is ASIC resistant and hence can only be mined using a desktop CPU and GPU.
Cryptocurrency has become attractive for malware authors as it is harder to track. Modern ransomware typically contain a wallet address where ransom can be paid to have encrypted files un-encrypted. Recently multiple services have sprung up that offer mining of the Monero cryptocurrency through custom JavaScript implementations. Some of these services are:
Coin Hive
Crypt-Loot
Coin Hive Manager
Cloudcoins
Coinblind
These services can be implemented legitimately in a resource which will utilize computing and electrical resources of users who visit a webpage. Generally, these services share a part of the revenue generated via mining with the web site owners. This is one of the ways some web sites recently tried to ‘monetize’ their web sites.
While cryptocurrency mining utilizing above libraries can not be considered malicious by itself, if done with the end user’s consent. If the inclusion of these JavaScript’s is not intentional, it could also mean that the web resource in question has been compromized to include the JavaScript library via script injection attacks, etc.
Administrators are requested to ensure these script inclusions are not because of an underlying vulnerability and remediate them at the earliest. QualysGuard customers can scan with QID 11871 for the above mentioned solutions. As and when we know of similar JavaScript based cryptocurrency mining solutions, the QID will be updated.
References:
https://en.wikipedia.org/wiki/Cryptocurrency
https://en.wikipedia.org/wiki/Bitcoin
https://en.wikipedia.org/wiki/Application-specific_integrated_circuit
https://en.wikipedia.org/wiki/Monero_(cryptocurrency)