Mining cryptocurrencies in browsers has recently re-emerged as a potential revenue model for website operators. Legitimate uses exist for it; however, cryptojacking, which refers to mining without the user’s consent, is considered malicious. While ways to detect miner scripts in websites lag behind miner obfuscation techniques, research has indicated an increase in cryptojacking operations.
This thesis will first explore the current literature available on the behavior of miners used for cryptojacking as well as ways to detect them. By examining current solutions available to end-users, I will demonstrate obfuscation techniques to evade these completely.
By reproducing and validating techniques available only in research publications, this thesis will attempt to improve upon current miner detection solutions. Results will include a new Google Chrome browser add-on employing WebAssembly analysis, which was not previously available for browsers. Results will also include a custom test framework, developed to aid in collecting Hardware Performance Counter measurements from browsers in a reproducible way. This highly configurable test framework can be used to produce the data required to train classifiers for detecting miner scripts in browsers.