Cryptojacking is the permissionless use of a target device to covertly mine cryptocurrencies. In in-browser cryptojacking, attackers use malicious JavaScript code to force web browsers into solving proof-of-work puzzles, thus making money by exploiting the resources of the website visitors. To understand and counter such attacks, we systematically analyze the static, dynamic, and economic aspects of in-browser cryptojacking. For static analysis, we perform content-, currency-, and code-based categorization of cryptojacking samples to 1) measure their distribution across websites, 2) highlight their platform affinities, and 3) study their code complexities. We apply machine learning techniques to distinguish cryptojacking scripts from benign and malicious JavaScript samples with 100% accuracy. For dynamic analysis, we analyze the effect of cryptojacking on critical system resources, such as CPU and battery usage. We also perform web browser fingerprinting to analyze the information exchange between the victim node and the dropzone cryptojacking server. We also build an analytical model to empirically evaluate the feasibility of cryptojacking as an alternative to online advertisement. Our results show a sizeable negative profit-and-loss gap, indicating that the model is economically infeasible. Finally, leveraging insights from our analyses, we build countermeasures for in-browser cryptojacking that improve on the existing remedies.