Advanced threat detection provider SecBI has detected an interesting new fileless cyber-attack against one of its customers that I thought might interest you – bitcoin mining through the web browser.
The attack begins with a phishing email that leads the user to a seemingly innocent website offering a free Amazon gift card in exchange for staying on the site until a countdown ends. In the background, however, the malware's author drains considerable computing resources from the organization for mining purposes, causing computers to slow down and generating multiple IT help-desk requests about the unexplained behavior. It also escapes detection by existing solutions because all activity is contained within the browser.
SecBI’s machine learning algorithms detected this activity via the abnormal repetitive (beaconing) behavior from an “infected” browser, with a unique pattern indicative of bitcoin mining — as well as multiple requests to YouTube channels that the company had never observed nor interacted with.
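The two signals described above, regular (beaconing) connections to one host and requests to hosts the organization has never contacted before, can be checked over web-proxy logs. The following is an added example written for this page, not SecBI's own code; the log lines, host names and thresholds are constructed, and the coefficient of variation of inter-request gaps stands in for the vendor's undisclosed model.

```python
"""Beaconing and first-seen-host detection over constructed proxy log lines."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log: "<ISO timestamp> <client> <host> <path>".
# The client contacts mining-pool.example every ~30 s (beaconing) while also
# browsing news.example at irregular intervals and one never-seen video host.
SAMPLE_LOG = """
2017-11-01T10:00:00 10.0.0.5 mining-pool.example /ws
2017-11-01T10:00:03 10.0.0.5 news.example /front
2017-11-01T10:00:30 10.0.0.5 mining-pool.example /ws
2017-11-01T10:00:47 10.0.0.5 news.example /sports
2017-11-01T10:01:00 10.0.0.5 mining-pool.example /ws
2017-11-01T10:01:12 10.0.0.5 news.example /weather
2017-11-01T10:01:31 10.0.0.5 mining-pool.example /ws
2017-11-01T10:01:55 10.0.0.5 video.example /watch?v=PLACEHOLDER
2017-11-01T10:02:00 10.0.0.5 mining-pool.example /ws
2017-11-01T10:02:30 10.0.0.5 mining-pool.example /ws
2017-11-01T10:02:41 10.0.0.5 news.example /tech
2017-11-01T10:02:50 10.0.0.5 news.example /front
2017-11-01T10:03:00 10.0.0.5 mining-pool.example /ws
"""

def parse_log(text):
    """Group request timestamps by (client, host)."""
    events = defaultdict(list)
    for line in text.strip().splitlines():
        ts, client, host, _path = line.split()
        events[(client, host)].append(datetime.fromisoformat(ts))
    return events

def beacon_score(times, min_events=5):
    """Return (mean gap in seconds, coefficient of variation) for a sorted
    timestamp list, or None when there are too few requests to judge.
    Near-constant gaps (low CV) are the beaconing signature."""
    if len(times) < min_events:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    mean = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean if mean else float("inf")
    return mean, cv

def find_beacons(events, max_cv=0.2, min_events=5):
    """Return {(client, host): (mean_gap, cv)} for hosts contacted on a regular cadence."""
    hits = {}
    for key, times in events.items():
        score = beacon_score(sorted(times), min_events)
        if score and score[1] <= max_cv:
            hits[key] = score
    return hits

def first_seen_hosts(events, known_hosts):
    """Hosts in the log that the organization has never contacted before."""
    return sorted({host for (_client, host) in events if host not in known_hosts})
```

Tune `max_cv` and `min_events` to the traffic volume; legitimate pollers (mail clients, update checks) also beacon, so the first-seen-host list is what separates them from a newly introduced miner.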
I’ve included some additional information and screen shots below. Please let me know if you’d be interested in speaking with a SecBI spokesperson for more information!
In the meantime, the malware's author earns extra money by promoting YouTube videos that run hidden in the background (there are services selling YouTube views, which are worth real money to the video publisher). Each video references dummy sites related to the gaming industry that offer users free money.
And bitcoin mining happens in the background
By looking at the IP address, SecBI found more sites like the one described, using the same method:
Example of working video link:
https://www.youtube.com/watch?v=nRz0vswB2-g