BARCELONA — AdSecure has announced the addition of cryptocurrency mining detection to its arsenal of security tools for ad networks, ad operations teams, and publishers, in response to an upward trend in malvertising that targets unsuspecting user’s browsers for mining cryptocurrencies.
According to the company, cryptocurrencies are “mined” (meaning new “coins” are created) using resource intensive algorithms that make the process increasingly expensive in terms of hardware and electricity as more coins are mined.
“This is the reason why they need to hook up to many computers in order to keep mining the cryptocurrencies,” says an AdSecure spokesperson. “One solution that miners have found is to use [other] user’s computers, without them knowing about it.”
There are two main JavaScript libraries that are currently being used to target users: CoinHive (launched on September 14) which defines itself as an alternative to classic advertising. The second is a modified version of MineCrunch, a notorious script that was released back in 2014 that seems to be making a comeback because it can mine cryptocurrencies through a web browser. Although these JavaScript libraries are not malware themselves, they are using user’s computer resources to generate profits.
“Rather than tricking users into downloading cryptocurrency mining malware, cybercriminals are buying traffic from ad networks and then distributing potentially malicious JavaScript instead of using a traditional digital advertisement,” the spokesperson says. “This approach has a clear advantage because it is much easier to build scale and reach a large number of computers by distributing the malware from ‘infected’ websites rather than by infecting individual user machines.”
Once the malware starts mining from a user’s browser, the user will notice a dip in CPU performance.
“This is why streaming and gaming websites have been preferentially targeted for crypto mining malware distribution, because end-users tend to spend more time on these sites and may be less likely to notice the increased activity on their computer resources,” the spokesperson adds, “with the user probably assuming the slow performance is caused by the game or video as opposed to cryptocurrency mining activity.”
AdSecure Product Manager Mathieu Derval says the popularity of mining cryptocurrency within browsers is on the rise, noting how AdSecure has come across several cases of this new fraud trend.
“According to our first analysis, the cybercriminals were mainly interested in Monero, ZCash, Feathercoin and Litecoin, which can be mined with a standard CPU with little difference in overall results compared to running more advanced hardware,” Derval explains. “This new kind of malvertising attack points out once again the need for ad platforms and publishers to use an ad verification tool to protect their network, keep their reputation intact and keep their visitors safe.”
For more information, click here.