2 min

Protection against Digital Gold Diggers

Software “CoinEater” of St. Pölten UAS Blocks Crypto Mining, the Unwanted Access to Computer Performance

Malware Lab St. Pölten UUAS

It is a phenomenon known to almost all of us: you browse the web and suddenly your computer slows down and runs loudly.

This could be due to so-called crypto mining, meaning the access to computer power to generate cryptocurrencies without the knowledge of the user.

In response, the St. Pölten UAS has developed the open source software “CoinEater” which blocks unwanted access and is available as an add-on to Firefox and Chrome.

New form of threat on the Internet

Cryptojacking describes the creation of cryptocurrencies by visitors of a website without their approval. Since mining is a very computing-intensive process, this can lead to reduced battery life on mobile devices. Due to this, the St. Pölten UAS has developed the free software “CoinEater” which recognises online crypto mining and blocks its execution.

“Usually high-performance hardware is used to generate cryptocurrencies. Cryptojacking distributes mining between many, less powerful devices and poses a new form of threat on the Internet”, explains Sebastian Schrittwieser, Head of the Institute for IT Security Research at the St. Pölten UAS, who helped develop the software.

This means that the attackers do not generate cryptocurrencies on their own computers and with their own electricity but on somebody else’s. The computer runs at full speed, the battery drains quickly and the profit goes to the attackers.

Ongoing Search for New Threats

A scanner developed at the Institute for IT Security Research automatically searches the Internet for cryptojacking at regular intervals. The results are then integrated into the CoinEater software. To do this, researchers went through over one million of the most popular websites and uncovered that more than 3,000 sites digging for cryptocurrencies without their users’ knowledge. The researchers’ programme also provides a technical analysis of the methods used by these websites.

“The use of such techniques is legitimate if website users agree to them, for instance, in order to hide advertisements”, says Schrittwieser. Cryptojacking, on the other hand, is a misuse of the users’ devices.

“Even though Coinhive, the largest provider of online mining software today, is going to discontinue its services soon, the problem will not be completely eradicated and mining could become more worthwhile once again later on”, explains Schrittwieser. The developed scanner can also detect other providers of crypto mining.

Protection against Pop Ups

The scanner also recognises another new phenomenon on the Internet: the pop-up scam. When visiting websites, users are confronted with pop-up windows containing ads or short messages which link them to fee-based offers or malware and which have to be tediously clicked away.

The software CoinEater was developed by researchers of the St. Pölten UAS in the course of the research project PriSAd (Privacy and Security in Online Advertisement) and funded by the Austrian Research Promotion Agency (FFG). IT security company Nimbusec was a partner of the project.

The software is updated constantly. It scans about 100,000 pages every day and runs a software update for the one million pages once every ten days.

Relevant Scientific Publications:

Rauchberger J., Schrittwieser S., Dam T., Luh R., Buhov D., Pötzelsberger G., Kim H.

The Other Side of the Coin: A Framework for Detecting and Analyzing Web-based Cryptocurrency Mining Campaigns

Proceedings of the 13th International Conference on Availability, Reliability and Security 2018

DOI: 10.1145/3230833.3230869

Research Project PriSAd

The research project PriSAd (Privacy and Security in Online Advertisement) was funded by the Austrian Research Promotion Agency (FFG). IT security company Nimbusec was a partner of the project.