skip to Main Content

Google Ads targeted by cybercrime with Cryptomining Malvertising Attack

Cybercrime use Google Ads to mine for cryptocurrencies such as Bitcoin

Google Ads has been targeted by cybercrime with a Cryptomining Malvertising cyber attack. The aim was use the network serves up ads that mine for cryptocurrencies such as Bitcoin. The cybersecurity experts at Trend Micro made the discover and published a post on their blog. “On January 24, 2018, we observed that the number of Coinhive web miner detections tripled due to a malvertising campaign”- it’s written in the post -. “We discovered that advertisements found on high-traffic sites not only used Coinhive (detected by Trend Micro as JS_COINHIVE.GN), but also a separate web miner that connects to a private pool. Attackers abused Google’s DoubleClick, which develops and provides internet ad serving services, for traffic distribution. Data from the Trend Micro Smart Protection Network shows affected countries include Japan, France, Taiwan, Italy, and Spain. We have already disclosed our findings to Google”.

Trend Micro: The affected DoubleClick webpage show legitimate advertisement, while 2 web miners covertly perform their task

Trend Micro cybersecurity researchers explain how the discovered the Cryptomining Malvertising cyber attack. “We detected an almost 285% increase in the number of Coinhive miners on January 24. We started seeing an increase in traffic to five malicious domains on January 18. After closely examining the network traffic, we discovered that the traffic came from DoubleClick advertisements.” – they explain -. “An analysis of the malvertisement-riddled pages revealed two different web miner scripts embedded and a script that displays the advertisement from DoubleClick. The affected webpage will show the legitimate advertisement while the two web miners covertly perform their task. We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices. The traffic involving the abovementioned cryptocurrency miners has since decreased after January 24”.

Google: Ads were blocked in less than 2 hours and the malicious actors were quickly removed from our platforms

Trend Micro informed Google of the Cryptomining Malvertising cyber attack activity and the search giant took steps to block the attack immediately. It reports Silicon -. The company continually monitors its networks for threats but the actors continually change tactics to avoid detection. “Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively,” a spokesperson told the outlet. “We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”

The Trend Micro original post on the Cryptomining Malvertising Attack

Silicon article on the cyber incident

Back To Top