A Growing Threat to the Safety, Security and Value of Cryptocurrencies Is Emerging.

Author:Samide, Jeremy

It's called in-browser cryptojacking and hackers use it to target less-well known cryptocurrencies such as Monero, Coinhive and Zcash--low-profile cryptocurrencies, that ironically are the currencies-of-choice among threat actors.

A recent cryptojacking campaign infected over half-a-million victims in just three days.

According to Jeremy Samide, CEO of Stealthcare, an international cybersecurity and threat assessment firm based in the US and Canada, "In-browser cryptojacking works off JavaScripts, which are installed on the most popular websites and readily available to anyone with criminal intent. With JavaScript the hacker uses the victim's own browser to mine, or rather 'cryptomine,' for transactions, secretly diverting small amounts of currency at a time to his own account where it can be turned into cash."

Industry analysts recognize Stealthcare for changing cybersecurity from defense to a more aggressive posture that relies on early warning, threat assessment, Al and human intelligence. Early on, Stealthcare's proprietary platform Zero Day Live, detected a significant upward trend in cryptomining and cryptojacking, warned its clients of the threat and provided countermeasures.

"This is criminal behavior plain and simple. Wrongdoers directly attack the weakest link--the consumers who rely on cryptocurrency exchanges and their digital wallets for their transactions. They lure their victims in through elaborate phishing campaigns, drive-by downloads, and other subterfuges," says Samide, adding, "The explosion of initial coin offerings (ICO) and cryptocurrency exchanges proliferating without adequate security, gave hackers the opening they needed to attack wallets and apps, siphoning off cryptocurrency from these exchanges."

Bitcoin and Ethereum were targets when they first emerged. But as they become more mainstream, they are also being scrutinized by sovereign governments looking to apply transparency requirements on their transactions. "These legacy cryptocurrencies now appear to be less attractive as hackers target emerging and more privately-focused currencies such as Coinhive along with Monero and Zcash," according to Samide.

Cryptomining Malware Threats

In addition to the in-browser JavaScript threat, cyber criminals are still transforming older malware to include cryptomining and cryptojacking capabilities. In doing so they are creating polymorphic strains of new attacks. Explains Samide, "Some of these cryptojacking campaigns are...

To continue reading