Features, Analysis Techniques, and Detection Methods of Cryptojacking Malware: A Survey

Laith M Kadhum - Universiti Malaysia Pahang Al-Sultan Abdullah, 26600 Pekan, Pahang, Malaysia
Ahmad Firdaus - Universiti Malaysia Pahang Al-Sultan Abdullah, 26600 Pekan, Pahang, Malaysia
Syifak Izhar Hisham - Universiti Malaysia Pahang Al-Sultan Abdullah, 26600 Pekan, Pahang, Malaysia
Waheed Mushtaq - Universiti Malaysia Pahang Al-Sultan Abdullah, 26600 Pekan, Pahang, Malaysia
Mohd Faizal Ab Razak - Universiti Malaysia Pahang Al-Sultan Abdullah, 26600 Pekan, Pahang, Malaysia


DOI: http://dx.doi.org/10.62527/joiv.8.2.2725

Abstract


Various types of malware are capable of harming users, including root exploits, botnets, trojans, spyware, worms, viruses, ransomware, and cryptojacking. Cryptojacking accounts for a significant proportion of cyberattacks, in which exploiters mine cryptocurrencies using the victim’s devices, for instance, smartphones, tablets, servers, or computers. It is also defined as the illegal utilization of victim resources (CPU, RAM, and GPU) to mine cryptocurrencies without detection. The purpose of cryptojacking, as with numerous other forms of cybercrime, is monetary gain. Furthermore, it is also intended to stay concealed from the victim. To the authors' knowledge, a paper focusing solely on a review of cryptojacking research is still unavailable. To address this deficiency, this paper presents cryptojacking detection information, including methods, detection, analysis techniques, and features. As cryptojacking malware executes its activities over the network, most of the analysis and features fall into dynamic activities. However, static analysis is also among the options available to security researchers. The codes involved are opcode and JavaScript. This demonstrates that these two languages are vital programming languages to focus on when detecting cryptojacking. Moreover, researchers have also begun to adopt deep learning in their experiments to detect cryptojacking malware. This paper also examines potential future developments in the detection of cryptojacking.


Keywords


Cryptojacking; cryptocurrencies; distribution; detection

