Google Ads Targeted By Cryptomining Malvertising Attack

Google’s DoubleClick advertising network has been targeted by a malvertising attack designed to mine cryptocurrencies such as Bitcoin on user systems.

Researchers at TrendMicro were alerted to the attack after discovering an increase in traffic to five malicious domains earlier this month. They then discovered a three-fold increase in the number of CoinHive detections and that the traffic was coming from advertisements on popular sites.

Analysis found that the malicious adverts used three separate scripts –two separate web mining scripts and a third legitimate script to serve the creative to end users.

DoubleClick Cryptomining

“We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices. The traffic involving the abovementioned cryptocurrency miners has since decreased after January 24,” said the researchers.

TrendMicro informed Google of the activity and the search giant took steps to block the attack immediately. The company continually monitors its networks for threats but the actors continually change tactics to avoid detection.

“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively,” a spokesperson told Silicon. “We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”

Loading ...

The attack marries two recent trends in cybercrime: malvertising and cryptomining. With cryptocurrencies increasing in profile and value, mining has become a valuable activity for criminals who need to harness significant amounts of compute power to create new units of currency.

Other incidents have seen attackers hijack vulnerable public Wi-Fi networks to insert scripts that use connected devices to mine for coins.

This latest attack doesn’t compromise user data but can impact system performance given its resources are being deployed elsewhere. TrendMicro says users should keep their software, especially web browsers up to date, and can disable applications based on JavaScript to avoid being targeted.

The most recent version of the Opera browser uses its ad blocking capabilities to provide protection against cryptomining malware.

Do you know all about security in 2017? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

2 days ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

2 days ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

4 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

4 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

4 days ago
  翻译: