Cryptocurrency Miners Find Their Way Into Online Advertising

A surge in the use of cryptocurrency has given hackers another way to use malicious JavaScript to tap into the CPU power of their visitor's PC, and to steal Bitcoin or other cryptocurrencies. This is done by dropping malicious code into personal machines and online advertisements, allowing the hacker to bypass security checkpoints.

Cryptocurrency mining has become a hot topic in recent days -- especially since October 2017 -- because of the climbing prices of Bitcoin and other currency, according to Alex Calic, chief strategy and revenue officer for The Media Trust.

The crypto mining script is being tied into what looks like a legitimate advertising campaign. "It's not like the ad says 'click here and allow me to use your CPU to mine cryptocurrency," he said. "It could be an ad for a reputable brand such as an electronics company that incentivizes you to take an action, so they can deliver the code script."

Calic explains that when someone delivers an ad they tie a piece of the cryptocurrency mining script code to the back of the advertisement. Sometimes the script will download automatically when the ad renders in the browser. Other times it will require someone to click on the ad. He said most of the time the person will not notice the machine has been infected, except for the computer becoming a bit sluggish.

Spotad, an Israeli tech firm, recently sent a warning to publishers to prepare for cryptocurrency mining code slipping into ads on their websites and discovering cryptocurrency mining activity on its network. The company uses an AI-powered advertising platform to purchase media space, according to Coin Desk, a media outlet.

In a blog post, Sophos analyst Bill Brenner wrote: "Cryptominers running in a browser without an organization’s consent are parasitic and should be considered malware."

Instead of serving up as executable files, they are scripts hidden on websites, mining for cryptocurrency in the browser. Visitors to the sites do not see evidence of the mining, and the only clue is that their computer might slow down and fans on the machine may rev up.

"Given their parasitic nature, Sophos has decided to start tagging Coinhive and other JavaScript-based cryptominers as malware to be blocked when users stumble upon a site harboring them," Brenner wrote. 

Next story loading loading..