Abstract
Traditionally, IoT crowdsensing devices have been outside the cryptomining domain because of their limited computational power. In 2014, Monero (XMR) changed this situation forever. Monero is an open-source digital payment token that can be mined on resource-constrained devices such as IoT devices and single-board computers. Despite Monero's advantages, it opened the door for cryptojackers to illicitly mine cryptocurrencies by exploiting well-known vulnerabilities of IoT devices. Existing detection solutions perform well at detecting the mining phase of cryptojackers, but earlier detection is desirable to prevent malware spreading and resource misuse. Thus, this work proposes a framework that combines device behavioral fingerprinting and machine learning to detect and classify the preparatory phases of cryptojackers. The framework has been deployed on a crowdsensing IoT spectrum sensor, a Raspberry Pi, infected by a recent cryptojacker called Linux.MulDrop.14. Promising detection results demonstrate the framework's suitability for detecting the early phases of cryptojackers.