SoK: Cryptojacking Malware

Title: SoK: Cryptojacking Malware
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Tekiner, Ege; Acar, Abbas; Uluagac, A. Selcuk; Kirda, Engin; Selcuk, Ali Aydin
Conference Name: 2021 IEEE European Symposium on Security and Privacy (EuroS&P)
Keywords: bitcoin, blockchain, blockchains, cryptojacking, cryptomining, detection, Host-based, Human Behavior, in-browser, Industries, Malware, Metrics, military computing, Pandemics, pubcrawl, resilience, Resiliency, Systematics, Tools
Abstract: Emerging blockchain and cryptocurrency-based technologies are redefining the way we conduct business in cyberspace. Today, a myriad of blockchain and cryptocurrency systems, applications, and technologies are widely available to companies, end-users, and even malicious actors who want to exploit the computational resources of regular users through cryptojacking malware. Especially with ready-to-use mining scripts easily provided by service providers (e.g., Coinhive) and untraceable cryptocurrencies (e.g., Monero), cryptojacking malware has become an indispensable tool for attackers. Indeed, the banking industry, major commercial websites, government and military servers (e.g., US Dept. of Defense), online video sharing platforms (e.g., Youtube), gaming platforms (e.g., Nintendo), critical infrastructure resources (e.g., routers), and even recently widely popular remote video conferencing/meeting programs (e.g., Zoom during the Covid-19 pandemic) have all been the victims of powerful cryptojacking malware campaigns. Nonetheless, existing detection methods such as browser extensions that protect users with blacklist methods or antivirus programs with different analysis methods can only provide a partial panacea to this emerging cryptojacking issue as the attackers can easily bypass them by using obfuscation techniques or changing their domains or scripts frequently. Therefore, many studies in the literature proposed cryptojacking malware detection methods using various dynamic/behavioral features. However, the literature lacks a systemic study with a deep understanding of the emerging cryptojacking malware and a comprehensive review of studies in the literature. To fill this gap in the literature, in this SoK paper, we present a systematic overview of cryptojacking malware based on the information obtained from the combination of academic research papers, two large cryptojacking datasets of samples, and 45 major attack instances.
Finally, we also present lessons learned and new research directions to help the research community in this emerging area.
DOI: 10.1109/EuroSP51992.2021.00019
Citation Key: tekiner_sok_2021