Google Ads Targeted By Cryptomining Malvertising Attack

Google’s DoubleClick advertising network has been targeted by a malvertising attack designed to mine cryptocurrencies such as Bitcoin on user systems.

Researchers at TrendMicro were alerted to the attack after discovering an increase in traffic to five malicious domains earlier this month. They then discovered a three-fold increase in the number of CoinHive detections and that the traffic was coming from advertisements on popular sites.

Analysis found that the malicious adverts used three separate scripts –two separate web mining scripts and a third legitimate script to serve the creative to end users.

DoubleClick Cryptomining

“We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices. The traffic involving the abovementioned cryptocurrency miners has since decreased after January 24,” said the researchers.

TrendMicro informed Google of the activity and the search giant took steps to block the attack immediately. The company continually monitors its networks for threats but the actors continually change tactics to avoid detection.

“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively,” a spokesperson told Silicon. “We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”

Loading ...

The attack marries two recent trends in cybercrime: malvertising and cryptomining. With cryptocurrencies increasing in profile and value, mining has become a valuable activity for criminals who need to harness significant amounts of compute power to create new units of currency.

Other incidents have seen attackers hijack vulnerable public Wi-Fi networks to insert scripts that use connected devices to mine for coins.

This latest attack doesn’t compromise user data but can impact system performance given its resources are being deployed elsewhere. TrendMicro says users should keep their software, especially web browsers up to date, and can disable applications based on JavaScript to avoid being targeted.

The most recent version of the Opera browser uses its ad blocking capabilities to provide protection against cryptomining malware.

Do you know all about security in 2017? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Lawsuit By Former Google Staffers Cites ‘Don’t Be Evil’ Moto

Three out of the 'thanksgiving four' staff fired from Google in November 2019, hit back…

13 hours ago

Amazon’s Alabama Warehouse To Vote Again On Trade Union

Not the right outcome? Workers and staff at Amazon fulfilment centre in Bessemer, Alabama to…

14 hours ago

Meta Ordered To Sell Giphy By British Regulator

But will Zuckerberg obey? The UK's CMA watchdog orders Facebook to sell Giphy, after concluding…

18 hours ago

Clearview AI Faces £17m Fine For ‘Serious’ Data Protection Breaches

American facial recognition firm Clearview AI is facing a possible £17 million fine over “serious…

19 hours ago

Bye Jack. Twitter Co-Founder And CEO Jack Dorsey Steps down

End of the road for Jack. Twitter's Jack Dorsey steps down from CEO role for…

20 hours ago