New variants of malware scams emerge almost daily, but one detected late last week deserves special attention from digital advertisers and media buyers considering cryptocurrency models. Instead of infecting computers to create fraudulent bot traffic, the new variant -- dubbed Prowli -- infects computers to siphon processing power to mine cryptocurrency.
An estimated 40,000 machines located in 9,000 organizations have been infected with Prowli, according to researchers at Guardiocre Labs.
Why is this a concern for Madison Avenue specifically? For two reasons. One is the ongoing role that advertising has been playing by serving as a vector to spread malicious code. The second is that new ad models are emerging that create an economic incentive for cryptocurrency markets. While the latter could emerge as a new, frictionless method for settling media transactions and payments, it also creates new economic incentives for scammers and a new form of advertising fraud that the ad industry must be vigilant against.
“The campaign was likely made possible through an attack on a digital third party with weaker security measures, which we see more often than brute force attacks,” Alex Calic, Chief Strategy and Revenue Officer at The Media Trust, explains about the Prowli attack, adding, “The hackers utilized code that invokes calls to a compromised command and control server and spread it through ads to the compromised sites.”
While advertising has long been a vector for distributing malware powering fraud such as fake bot traffic (ironically monetized via advertising), the new variant uses advertising to spread code that steals power used to mine cryptocurrencies.
The last bit of irony in this loop is that many of those currencies are being created to power frictionless advertising transactions. Ethical considerations aside, the emergence of these new forms of fraud are likely to create new inefficiencies for Madison Avenue.