The intersection of Blockchain and Malware: A Comprehensive Review and Analysis

Yıl 2023, Cilt: 9 Sayı: 4, 58 - 69, 31.12.2023

Egemen Taşkın İbrahim Alper Doğru

Öz

Blockchain, as a type of distributed ledger technology, emerged as a reliable and transparent mechanism. Its key features are immutability, cryptographic encryption, auditability, and traceability. Blockchain technology, which started with the leadership of the financial sector, has spread to different sectors such as health, supply chain, real estate, law, and information security. Blockchain, integrated with technologies such as Industry 4.0, Internet of Things, Machine Learning and Artificial Intelligence, has caused both progress and challenges in the field of cybersecurity. Malicious actors produce and distribute blockchain-based malware using Industry 4.0 tools. This research contributes to one main issue: Examining current and advanced malware for blockchain systems and detection. In conclusion, this research highlights the critical importance of understanding the interaction between blockchain and malware. Revealing the emerging risks and challenges in this field, this study aims to equip researchers and cybersecurity practitioners with valuable knowledge to strengthen blockchain networks and effectively combat malicious threats.

Anahtar Kelimeler

Blockchain, Malware, Machine Learning

Proje Numarası

7373

Blokzincir ve Kötü Amaçlı Yazılımların Kesişimi: Kapsamlı Bir İnceleme ve Analiz

Öz

Blokzincir, dağıtık defter teknolojisinin bir türü olarak, güvenilir ve şeffaf bir mekanizma olarak ortaya çıkmıştır. Temel özellikleri değişmezlik, kriptografik şifreleme, denetlenebilirlik ve izlenebilirliktir. Finans sektörünün öncülüğünde başlayan blokzincir teknolojisi, sağlık, tedarik zinciri, emlak, hukuk ve bilgi güvenliği gibi farklı sektörlere yayılmıştır. Endüstri 4.0, Nesnelerin İnterneti, Makine Öğrenmesi ve Yapay Zekâ gibi teknolojilerle entegre edilen blokzincir, siber güvenlik alanında hem ilerlemeye hem de zorluklara neden olmuştur. Kötü niyetli aktörler, Endüstri 4.0 araçlarını kullanarak blokzincir tabanlı kötücül yazılımlar üretmekte ve dağıtmaktadır. Bu araştırma, üç ana konuda katkı sağlamaktadır: Blokzincir sistemlerine yönelik güncel ve ileri düzeydeki kötücül yazılımların incelenmesi ve tespiti. Sonuç olarak, bu araştırma blokzincir ve kötücül yazılımlar arasındaki etkileşimi anlamanın kritik önemini vurgulamaktadır. Bu alanda ortaya çıkan riskleri ve zorlukları ortaya çıkaran bu çalışma, araştırmacıları ve siber güvenlik uygulayıcılarını blokzincir ağlarını güçlendirmek ve kötü niyetli tehditlerle etkili bir şekilde mücadele etmek için değerli bilgilerle donatmayı amaçlamaktadır.

Anahtar Kelimeler

kötücül yazılım, Blockchain, malware, blockzincir

Destekleyen Kurum

Gazi Üniversitesi

Proje Numarası

7373

Teşekkür

Bu makale kapsamındaki çalışma Gazi Ü. Bilimsel Araştırmalar Projesi 7373 no.lu proje kapsamında desteklenmektedir.

Kaynakça

• [1] S. Meunier, Transforming Climate Finance and Green Investment with Blockchains: Chapter 3 – Blockchain 101: What is Blockchain and How Does This Revolutionary Technology Work?, A. Marke: Ed. Academic Press, 2018, pp. 23–34.
• [2] S. Li, T. Qin and G. Min, "Blockchain-Based Digital Forensics Investigation Framework in the Internet of Things and Social Systems" IEEE Transactions on Computational Social Systems, vol. 6, no. 6, pp. 1433-1441, December 2019. doi:10.1109/TCSS.2019.2927431.
• [3] M. A. Zook and J. Blankenship, "New spaces of disruption? The failures of Bitcoin and the rhetorical power of algorithmic governance", Geoforum, vol. 96, pp. 248–255, November 2018. doi:10.1016/j.geoforum.2018.08.023
• [4] S. Fosso Wamba, J. R. Kala Kamdjoug, R. Epie Bawack and J. G. Keogh, "Bitcoin, Blockchain and Fintech: a systematic review and case studies in the supply chain", Production Planning & Control, vol. 31, no. 2–3, pp. 115–142, December 2020. doi:10.1080/09537287.2019.1631460
• [5] A. A. Sadawi, B. Madani, S. Saboor, M. Ndiaye, and G. Abu-Lebdeh, "A comprehensive hierarchical blockchain system for carbon emission trading utilizing blockchain of things and smart contract", Technological Forecasting and Social Change, vol. 173, p. 121124, December 2021. doi:10.1016/j.techfore.2021.121124
• [6] M. Javaid, A. Haleem, R. Pratap Singh, S. Khan, and R. Suman, "Blockchain technology applications for Industry 4.0: A literature-based review", Blockchain: Research and Applications, vol. 2, no. 4, pp. 100027, December 2021. doi:10.1016/j.bcra.2021.100027
• [7] S. B. ElMamy, H. Mrabet, H. Gharbi, A. Jemai, and D. Trentesaux, "A Survey on the Usage of Blockchain Technology for Cyber-Threats in the Context of Industry 4.0", Sustainability, vol. 12, no. 21, November 2020. doi:10.3390/su12219179
• [8] B. A. Kitchenham, "Procedures for Performing Systematic Reviews" www.inf.ufsc.br, 2004. [Online]. Available: https://www.inf.ufsc.br/~aldo.vw/kitchenham.pdf. [Accessed: Dec. 25, 2023].
• [9] J. Rüth, T. Zimmermann, K. Wolsing, and O. Hohlfeld, "Digging into Browser-Based Crypto Mining", in Proceedings of the Internet Measurement Conference 2018, Boston, MA, USA, 2018, pp. 70–76. doi:10.1145/3278532.3278539
• [10] E. Le Jamtel, "Swimming in the Monero pools" 2018 11th International Conference on IT Security Incident Management & IT Forensics (IMF), Hamburg, Germany, 2018, pp. 110-114, doi:10.1109/IMF.2018.00016.
• [11] "Usage statistics of client-side programming languages for websites" W3Techs, [Online]. Available: https://w3techs.com/technologies/overview/client_side_language. [Accessed: 25-Dec-2023].
• [12] "I now own the COINHIVE domain. here’s how I’m Fighting Cryptojacking and doing good things with content security policies." Troy Hunt, 02-Apr-2021. [Online]. Available: https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/. [Accessed: 25-Dec-2023].
• [13] "Plugins categorized as mining" WordPress, [Online]. Available: https://wordpress.org/plugins/tags/mining/ [Accessed: 25-Dec-2023].
• [14] D. Goodin, "Now even YouTube serves ads with CPU-draining cryptocurrency miners" Ars Technica, Jan. 26, 2018. [Online]. Available: https://arstechnica.com/information-technology/2018/01/now-even-youtube-serves-ads-with-cpu-draining-cryptocurrency-miners/ [Accessed: 25-Dec-2023].
• [15] C. Osborne, "MikroTik routers enslaved in massive Coinhive cryptojacking campaign" ZDNET, [Online]. Available: https://www.zdnet.com/article/mikrotik-routers-enslaved-in-massive-coinhive-cryptojacking-campaign/ [Accessed: 25-Dec-2023].
• [16] "No coin is a tiny browser extension aiming to block coin miners such as coinhive" Github, [Online]. Available: https://github.com/keraf/NoCoin [Accessed: 25-Dec-2023].
• [17] J. Rüth, T. Zimmermann, K. Wolsing, and O. Hohlfeld, "Digging into Browser-Based Crypto Mining", in Proceedings of the Internet Measurement Conference 2018, Boston, MA, USA, 2018, pp. 70–76. doi:10.1145/3278532.3278539.
• [18] W. Wang, B. Ferrell, X. Xu, K. W. Hamlen, and S. Hao, "SEISMIC: SEcure In-Lined Script Monitors for Interrupting Cryptojacks", in Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, September 3-7, 2018, Proceedings, Part II, Barcelona, Spain, 2018, pp. 122–142. doi:10.1145/3278532.3278539.
• [19] D. Carlin, P. O’Kane, S. Sezer and J. Burgess, "Detecting Cryptomining Using Dynamic Analysis" 2018 16th Annual Conference on Privacy, Security and Trust (PST), Belfast, Ireland, 2018, pp. 1-6. doi:10.1109/PST.2018.8514167.
• [20] A. Kharraz, Z. Ma, P. Murley, C. Lever, J. Mason, A. Miller, N. Borisov, M. Antonakakis, M. Bailey, "Outguard: Detecting in-browser covert cryptocurrency mining in the wild" in: The World Wide Web Conference, WWW ’19, Association for Computing Machinery, New York, NY, USA, 2019, p. 840–852. doi:10.1145/3308558.3313665. doi:10.1145/3308558.3313665.
• [21] W. Bian, W. Meng, M. Zhang, "MineThrottle: Defending against Wasm In-Browser Cryptojacking", Association for Computing Machinery, New York, NY, USA, 2020, p. 3112–3118. doi:10.1145/3366423.3380085
• [22] F. Naseem, A. Aris, L. Babun, E. Tekiner, S. Uluagac, "Minos: A lightweight real-time cryptojacking detection system" in: 28th Annual Network and Distributed System Security Symposium, NDSS, 2021. doi:10.14722/ndss.2021.24444
• [23] F. Tommasi, C. Catalano, U. Corvaglia, I. Taurino, "Mineralert: an hybrid approach for web mining detection", Journal of Computer Virology and Hacking Techniques, March 2021. doi:10.1007/s11416-022-00420-7.
• [24] A. Hernandez-Suarez, G. Sanchez-Perez, L.K. Toscano-Medina, J. Olivares-Mercado, J. Portillo-Portilo, J. Avalos and L.J. García Villalba, "Detecting Cryptojacking Web Threats: An Approach with Autoencoders and Deep Dense Neural Networks", Applied Sciences, vol. 12, no. 7, 2022. doi:10.3390/app12073234
• [25] A. Zareh and H. R. Shahriari, "Botcointrap: Detection of bitcoin miner botnet using host based approach", in: 2018 15th Inter-national ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC), 2018, pp. 1–6. doi:10.1109/ISCISC.2018.8546867.
• [26] S. Soviany, A. Scheianu, G. Suciu, A. Vulpe, O. Fratu and C. Istrate, "Android malware detection and crypto-mining recognition methodology with machine learning", in: 2018 IEEE 16th International Conference on Embedded and Ubiquitous Computing (EUC), 2018, pp. 14–21. doi:10.1109/EUC.2018.00010
• [27] G. Berecz. and I. Czibula., "Hunting traits for cryptojackers", in: Proceedings of the 16th International Joint Conference on e-Business and Telecommunications – SECRYPT, 2019, pp. 386–393. doi:10.5220/0007837403860393
• [28] H. Darabian, S. Hashemi, S. Homayounoot, A. Dehghantanha, H. Karimipour, R. M. Parizi and K. R. Choo, "Detecting Cryptomining Malware: a Deep Learning Approach for Static and Dynamic Analysis", Journal of Grid Computing, vol. 18, no. 2, pp. 293–303, Jun. 2020. doi:10.1007/s10723-020-09510-6
• [29] V. Veselý and M. Žádník, "How to detect cryptocurrency miners? By traffic forensics!", Digital Investigation, vol. 31, p. 100884, 2019. doi: 10.1016/j.diin.2019.08.002
• [30] S. Balamurugan and M. Thangaraj, "Cryptojacking Malware Detection using the Bayesian Consensus Clustering with Large Iterative Multi-Tier Ensemble in the Cryptocurrency in the Cloud" International Journal of Recent Technology and Engineering (IJRTE), vol. 8, no. 3. Blue Eyes Intelligence Engineering and Sciences Engineering and Sciences Publication - BEIESP, pp. 4256–4264, Sep. 30, 2019. doi:10.35940/ijrte.c5159.098319.
• [31] D. Tanana and G. Tanana, "Advanced Behavior-Based Technique for Cryptojacking Malware Detection" 2020 14th International Conference on Signal Processing and Communication Systems (ICSPCS), Adelaide, SA, Australia, 2020, pp. 1-4, doi:10.1109/ICSPCS50536.2020.9310048.
• [32] "Bitcoin Tracker: Wannacry Doesn’t Pay. " Pymnts.Com, May 19, 2017. [Online]. Available: www.pymnts.com/news/bitcoin-tracker/2017/bitcoin-tracker-wannacry-doesnt-pay/ [Accessed: 25-Dec-2023].
• [33] M.Kan "Old Windows Pcs Can Stop WannaCry Ransomware with New Microsoft Patch." Computerworld.com, May 13, 2017. [Online]. Available: www.computerworld.com/article/3196693/old-windows-pcs-can-stop-wannacry-ransomware-with-new-microsoft-patch.html. [Accessed: 25-Dec-2023].
• [34] "Deep Shift: Technology Tipping Points and Societal Impact", weforum.org, Sept. 9, 2023. [Online]. Available: https://www3.weforum.org/docs/WEF_GAC15_Technological_Tipping_Points_report_2015.pdf. [Accessed: 25-Dec-2023].
• [35] D. Y. Huang, M. M. Aliapoulios, V. G. Li, L. Invernizzi, E. Bursztein, K. McRoberts, J. Levin, K. Levchenko, A. C. Snoeren and D. McCoy, "Tracking ransomware end-to-end" in: 2018 IEEE Symposium on Security and Privacy (SP), 2018, pp. 618–631. doi:10.1109/SP.2018.00047.
• [36] M. Paquet-Clouston, B. Haslhofer and B. Dupont, "Ransomware payments in the bitcoin ecosystem", Journal of Cybersecurity. vol. 5, no. 1. doi:10.1093/cybsec/tyz003.
• [37] O. Delgado Mohatar, J. Sierra-C´amara and E. Anguiano, "Blockchain-based semi-autonomous ransomware", Future Generation Computer Systems, vol. 112, pp. 589-603, 2020. doi:10.1016/j.future.2020.02.037
• [38] M. Ozer, S. Varlioglu, B. Gonen and M. Bastug, "A prevention and a traction system for ransomware attacks", in: 2019 International Conference on Computational Science and Computational Intelligence (CSCI), 2019, pp. 150–154. doi:10.1109/CSCI49370.2019.00032.
• [39] N. Scaife, H. Carter, P. Traynor and K. R. B. Butler, "CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data," 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), Nara, Japan, 2016, pp. 303-312. doi:10.1109/ICDCS.2016.46.
• [40] A. Continella, A. Guagnelli, G. Zingaro, G. Pasquale, A. Barenghi, S. Zanero and F. Maggi, "ShieldFS: A Self-Healing, Ransomware-Aware Filesystem", in Proceedings of the 32nd Annual Conference on Computer Security Applications, Los Angeles, California, USA, 2016, pp. 336–347. doi:10.1145/2991079.2991110
• [41] D. Mendes, I. Rodrigues, C. Fonseca, M. Lopes, J. M. García-Alonso and J. Berrocal, "Anonymized Distributed PHR Using Blockchain for Openness and Non-repudiation Guarantee", in Digital Libraries for Open Knowledge, 2018, pp. 381–385. doi:10.1007/978-3-030-00066-0_45
• [42] C. Karapapas, I. Pittaras, N. Fotiou and G. C. Polyzos, "Ransomware as a service using smart contracts and ipfs", in: 2020 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), 2020, pp. 1–5. doi:10.1109/ICBC48266.2020.9169451
• [43] C. G. Akcora, Y. Li, Y. R. Gel, and M. Kantarcioglu, ‘BitcoinHeist: Topological Data Analysis for Ransomware Prediction on the Bitcoin Blockchain’, in Proceedings of the Twenty-Ninth International Joint Conference on Artificial Intelligence, IJCAI-20, 7 2020, pp. 4439–4445. doi:10.24963/ijcai.2020/612
• [44] A. Turner, S. Mccombie and A. Uhlmann, “Follow the money: Revealing risky nodes in a ransomware-bitcoin network” Machine Learning and Predictive Analytics in Accounting, Finance, and Management, January 2021. doi:10.24251/HICSS.2021.189.
• [45] P. Xia, H. Wang, H. Wang, X. Luo, L. Wu, Y. Zhou, G. Bai, G. Xu, G. Huang and X. Liu, "Don’t Fish in Troubled Waters! Characterizing Coronavirus-themed Cryptocurrency Scams", APWG Symposium on Electronic Crime Research (eCrime), Boston, MA, USA, 2020, pp. 1-14, doi: 10.1109/eCrime51433.2020.9493255.
• [46] A. Holub and J. O'Connor, "COINHOARDER: Tracking a ukrainian bitcoin phishing ring DNS style," APWG Symposium on Electronic Crime Research (eCrime), San Diego, CA, USA, 2018, pp. 1-5, doi: 10.1109/ECRIME.2018.8376207.
• [47] M. Guri, "BeatCoin: Leaking Private Keys from Air-Gapped Cryptocurrency Wallets," IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Halifax, NS, Canada, 2018, pp. 1308-1316, doi: 10.1109/Cybermatics_2018.2018.00227.