Drive-By Cryptomining: Another Way Cyber-Criminals Are Trying to Evade Detection
By the end of last year we saw a sharp rise in drive-by cryptocurrency mining, and it is alarming how quickly cyber-criminals are improving at avoiding detection. Drive-by mining also lets them reach a far wider audience than they would by delivering malware-based miners to individual machines.
However, drive-by activity has a shorter window of impact: mining stops as soon as the user leaves the malicious website or closes the malicious tab. While this is a real constraint for cyber-criminals, they have worked around it with pop-unders, the same technique commonly used to serve fraudulent ads. A pop-under window carrying the mining code is opened behind the taskbar, where the user is unlikely to notice it, so mining continues unhindered until the system is shut down. To make matters worse, cyber-criminals have begun obfuscating the mining code to evade detection.
Besides using pop-unders to keep mining running, cyber-criminals continue to find new ways to mine for prolonged periods. One of the clearest examples is the use of compromised browser extensions to inject the mining code into every browsing session.
Stay tuned for Part 5 of our crypto-currency mining series, coming soon!