Google Ads Targeted By Cryptomining Malvertising Attack

Google’s DoubleClick advertising network has been targeted by a malvertising attack designed to mine cryptocurrencies such as Bitcoin on user systems.

Researchers at TrendMicro were alerted to the attack after discovering an increase in traffic to five malicious domains earlier this month. They then discovered a three-fold increase in the number of CoinHive detections and that the traffic was coming from advertisements on popular sites.

Analysis found that the malicious adverts used three separate scripts –two separate web mining scripts and a third legitimate script to serve the creative to end users.

DoubleClick Cryptomining

“We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices. The traffic involving the abovementioned cryptocurrency miners has since decreased after January 24,” said the researchers.

TrendMicro informed Google of the activity and the search giant took steps to block the attack immediately. The company continually monitors its networks for threats but the actors continually change tactics to avoid detection.

“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively,” a spokesperson told Silicon. “We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”

Loading ...

The attack marries two recent trends in cybercrime: malvertising and cryptomining. With cryptocurrencies increasing in profile and value, mining has become a valuable activity for criminals who need to harness significant amounts of compute power to create new units of currency.

Other incidents have seen attackers hijack vulnerable public Wi-Fi networks to insert scripts that use connected devices to mine for coins.

This latest attack doesn’t compromise user data but can impact system performance given its resources are being deployed elsewhere. TrendMicro says users should keep their software, especially web browsers up to date, and can disable applications based on JavaScript to avoid being targeted.

The most recent version of the Opera browser uses its ad blocking capabilities to provide protection against cryptomining malware.

Do you know all about security in 2017? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

2 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

5 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

6 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

7 hours ago