Google Ads Targeted By Cryptomining Malvertising Attack

Google’s DoubleClick advertising network has been targeted by a malvertising attack designed to mine cryptocurrencies such as Bitcoin on user systems.

Researchers at TrendMicro were alerted to the attack after discovering an increase in traffic to five malicious domains earlier this month. They then discovered a three-fold increase in the number of CoinHive detections and that the traffic was coming from advertisements on popular sites.

Analysis found that the malicious adverts used three separate scripts: two separate web mining scripts and a third legitimate script to serve the creative to end users.

DoubleClick Cryptomining

“We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices. The traffic involving the abovementioned cryptocurrency miners has since decreased after January 24,” said the researchers.

TrendMicro informed Google of the activity and the search giant took steps to block the attack immediately. The company continually monitors its networks for threats but the actors continually change tactics to avoid detection.

“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively,” a spokesperson told Silicon. “We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”


The attack marries two recent trends in cybercrime: malvertising and cryptomining. With cryptocurrencies increasing in profile and value, mining has become a valuable activity for criminals who need to harness significant amounts of compute power to create new units of currency.

Other incidents have seen attackers hijack vulnerable public Wi-Fi networks to insert scripts that use connected devices to mine for coins.

This latest attack doesn’t compromise user data but can degrade system performance, because the affected machine's resources are being diverted to mining. TrendMicro says users should keep their software, especially web browsers, up to date, and can disable applications based on JavaScript to avoid being targeted.

The most recent version of the Opera browser uses its ad blocking capabilities to provide protection against cryptomining malware.


Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.
