Dissecting the Infrastructure Used in Web-based Cryptojacking: A Measurement Perspective

TL;DR

This study analyzes the infrastructure behind web-based cryptojacking by examining 887 websites to understand their hosting, malicious activities, and vulnerabilities in order to inform better defenses against unauthorized cryptocurrency mining.

Contribution

It provides a comprehensive measurement-based analysis of cryptojacking infrastructure, including hosting details, malicious activities, and associated malware, which was previously underexplored.

Findings

Identified common hosting providers and DNS configurations used by cryptojacking sites.

Categorized types of malicious activities and malware linked to cryptojacking websites.

Highlighted vulnerabilities in website infrastructure that facilitate cryptojacking.

Abstract

This paper conducts a comprehensive examination of the infrastructure supporting cryptojacking operations. The analysis elucidates the methodologies, frameworks, and technologies malicious entities employ to misuse computational resources for unauthorized cryptocurrency mining. The investigation focuses on identifying websites serving as platforms for cryptojacking activities. A dataset of 887 websites, previously identified as cryptojacking sites, was compiled and analyzed to categorize the attacks and malicious activities observed. The study further delves into the DNS IP addresses, registrars, and name servers associated with hosting these websites to understand their structure and components. Various malware and illicit activities linked to these sites were identified, indicating the presence of unauthorized cryptocurrency mining via compromised sites. The findings highlight the vulnerability of website infrastructures to cryptojacking.