Internet monopolies are easy to manipulate it seems. Especially if they are ad revenue driven and don’t really care who or what is advertised. Both Google and Facebook have been a hotbed for scams, phishing websites and malware recently, especially those involving crypto mining.
Cyber security researchers Trend Micro have discovered a surge in Coinhive web miner detections due to a malvertising campaign abusing Google’s advertising platform. According to the report they team discovered that advertisements found on high-traffic sites not only used Coinhive, a popular open source crypto mining script, but also a separate web miner that connects to a private pool.
Google’s DoubleClick advertising platform had been compromised. Malicious ads were served in Japan, France, Taiwan, Italy, and Spain according to the research. As of January 24 the cyber security specialists recorded a 285% surge in Coinhive miners originating from DoubleClick advertisements. The malvertising websites contained two different mining scripts which work in the background, leeching off users’ computer hardware to mine for crypto currency. The target coin is usually Monero as it is anonymous and cannot be tracked back in the blockchain.
According to a Trend Micro blog post;
Other reports indicate that YouTube has also been affected as it runs the same Google ad code. Secutiry researchers commented;
“YouTube was likely targeted because users are typically on the site for an extended period of time. This is a prime target for cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made.”
As cryptocurrencies become more prevalent the level of sophistication for mining malware will increase. Exchange hacks and coin theft is also becoming more prevalent. Ad driven companies such as Google and Facebook rarely vet their paying advertisers and will only do so after something such as this has happened.