Result: Facilitating Cryptojacking Through Internet Middle Boxes
Further information
The usage of anonymous proxies and virtual private networks has increased due to privacy and Internet censorship issues. The traffic passing through proxies (middle boxes) can be easily intercepted and modified by the controller to perform man-in-the-middle attacks like data injection, data tampering, and data deletion. A stealthy attack called cryptojacking has started infecting popular Web sites to mine cryptocurrency without the Web site visitor’s consent. This paper proposes an effective and stealthy approach to perform a cryptojacking attack by injecting a cryptomining script into the Web site traffic of an anonymous proxy. To increase the efficiency of the attack on a larger scale, a testbed environment for a private The Onion Router (Tor) network is deployed to implement the same attack on a Tor exit node. Our study shows that the covertness of the attack can be improved by varying the central processing unit usage of the victim during mining to avoid detection. The existing defensive mechanism to prevent this attack is also reviewed.