X CLOSE

Enter your email below to sign up for latest updates from Appcheck NG.

CLOSE

Simply complete the info below and we'll send you all you need to activate AppCheck NG and undertake your FREE scan.

Please enter individual IP addresses or ranges

Please enter full URLs for your web applications, and both http and https where appropriate

Detect Rogue JavaScript Crypto-Miners with AppCheck


Browser based Crypto-Mining malware has made a dramatic resurgence in 2018 hitting the headlines on several occasions over the past month. Most recently, two major campaigns affecting thousands were reported by The Register with those affected ranging from YouTube to the UK’s Information Commissioner’s Office (Ref 1 Ref 2).

Trend Micro reports an increase as high as 285% in the number of CoinHive miners observed during January (Ref 3 )

In brief, JavaScript Crypto-Miners such as CoinHive are designed to use the processing power of visiting web browsers to perform Crypto Currency mining as a method of monetising website traffic. The malware* is deployed via a JavaScript embedded within your web site that is automatically executed by each visiting user.

Whilst Crypto Mining software is presented as a legitimate enterprise, it’s also a common technique used by Cyber Criminals and other malicious third parties to profit from their attacks. In short, if Crypto Mining software is served up by your site, it is likely the result of a malicious compromise, either directly or against one of your trusted partners.

Detecting Crypto-Miners with AppCheck

To help detect JavaScript Crypto Miners, AppCheck has released a detection module available to all customers. To enable it, select Plugins->Malware Scanning and enable “JavaScript Crypto Miner detection”.

The module detects Crypto Miners using two methods. Firstly, each page encountered during a scan is loaded into a browser engine and network connectivity is monitored. If the page attempts to connect to a Crypto Mining service, the page is flagged. Our second method inspects JavaScript objects loaded into each page for known Crypto Mining functions, this approach helps identify obfuscated payloads and payloads that selectively execute.

AppCheck Detecting Crypto Mining

 

* We assume that the software in this case is unwanted malware and not intentionally hosted.