ESET has discovered a new tactic being used by cybercriminals to profiteer through the mining of cryptocurrencies on the web.
By using malware or potentially unwanted applications installed on the victim‘s machine, cyber-criminals have for several years taken advantage of cryptocurrency mining in order to realise a profit.
“It is easier to reach a significant number of victims by infecting websites than it is by infecting users’ machines. In this case, attackers were injecting scripts in high-traffic websites impacting mostly Russian, Ukrainian, Belarusian, Moldavian and Kazakh users,” explains Matthieu Faou, Malware Researcher at ESET.
“Although this method of mining is 1.5 to 2 times slower when compared to crypto coin mining with regular software, it is counterbalanced by the potentially higher number of impacted users” added Faou.
Some regulatory bodies consider mining crypto-currencies on a user’s machine without consent equivalent to gaining access to the computer. Thus, developers of such services are expected to advertise it clearly before starting mining, but which rarely happens in these types of distribution scheme using malvertising.
To protect oneself against this kind of threat, ESET advices that users should enable detection of Potentially Unsafe Applications and Potentially Unwanted Applications (PUA) in ESET Internet Security, ESET NOD32 Antivirus and ESET Smart Security Premium solutions while also running regular updates.
One can also consider installing their preferred Ad blocker in their browsers. Additionally one can also install a script blocker in their browser but which could however disable some websites functionalities.