Google Ads Targeted By Cryptomining Malvertising Attack
Google DoubleClick advertising network serves up ads that mine for cryptocurrencies such as Bitcoin
Google’s DoubleClick advertising network has been targeted by a malvertising attack designed to mine cryptocurrencies such as Bitcoin on user systems.
Researchers at TrendMicro were alerted to the attack after discovering an increase in traffic to five malicious domains earlier this month. They then discovered a three-fold increase in the number of CoinHive detections and that the traffic was coming from advertisements on popular sites.
Analysis found that the malicious adverts used three separate scripts –two separate web mining scripts and a third legitimate script to serve the creative to end users.
DoubleClick Cryptomining
“We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices. The traffic involving the abovementioned cryptocurrency miners has since decreased after January 24,” said the researchers.
TrendMicro informed Google of the activity and the search giant took steps to block the attack immediately. The company continually monitors its networks for threats but the actors continually change tactics to avoid detection.
“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively,” a spokesperson told Silicon. “We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”
The attack marries two recent trends in cybercrime: malvertising and cryptomining. With cryptocurrencies increasing in profile and value, mining has become a valuable activity for criminals who need to harness significant amounts of compute power to create new units of currency.
Other incidents have seen attackers hijack vulnerable public Wi-Fi networks to insert scripts that use connected devices to mine for coins.
This latest attack doesn’t compromise user data but can impact system performance given its resources are being deployed elsewhere. TrendMicro says users should keep their software, especially web browsers up to date, and can disable applications based on JavaScript to avoid being targeted.
The most recent version of the Opera browser uses its ad blocking capabilities to provide protection against cryptomining malware.
Do you know all about security in 2017? Try our quiz!