
Cryptocurrency mining hits Google’s DoubleClick Adserving

A few days back, while checking an issue raised by a publisher, we observed that when Google Ads load on the page, certain scripts get loaded which increased the CPU usage exponentially.
On further investigation, we came across a script from the coinhive domain which is running at the backend and serving as a mining script.
Most antivirus software highlighted this issue and blocked it immediately.


After a few days, the news was confirmed by Trend Micro, an IT security company. You can read the full article: Malvertising Campaign Abuses Google’s DoubleClick to Deliver Cryptocurrency Miners

Before diving deep into the details, let’s check a few details about mining.

What is Cryptocurrency mining?

Mining is the process by which transactions are verified and added to the public ledger, known as the blockchain, and also the means through which new cryptocurrency (bitcoins) is released. Anyone with access to the internet and suitable hardware can participate in mining. The mining process involves compiling recent transactions into blocks and trying to solve a computationally difficult puzzle. The participant who first solves the puzzle gets to place the next block on the blockchain and claim the rewards. The rewards, which incentivize mining, are both the transaction fees associated with the transactions compiled in the block and the newly released bitcoin.
Read more: Bitcoin Mining

Why does it matter to us?

In the initial days, mining concerned only the users who wanted to start mining, which means they would use their own hardware resources to perform it. But hackers have now developed a few scripts which can actually use an ordinary user's CPU to perform mining operations.
Coinhive provides a way to mine a cryptocurrency known as Monero. Monero differs from other cryptocurrencies like Bitcoin, in that it does not give miners who use GPUs or other specialized hardware a significant computational advantage. That means it is well-suited to use in web browsers, executing as JavaScript on consumer CPUs.

Site owners who place the Coinhive code on their websites earn Monero currency. The Coinhive code uses site visitors’ computational resources to mine Monero. An attacker can place the Coinhive code on thousands of websites and earn Monero from the mining that happens in site visitors’ browsers.

Coinhive Attack on the Advertising Industry

When I first came across this issue, to investigate it further, I turned off my internet and checked the source code. The infected coin miner script is loading from the coinhive domain site, and it is being loaded with the Google iframe.


Online tools to check whether the site you are visiting is running any mining script:

http://whoismining.com/
VirusTotal
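The same check can be run locally against saved page source, including markup carried inside an ad iframe as described above. This is an added example, not code from the original post; the blocklist entry `coinhive.com`, the sample markup and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: "coinhive.com" stands in for the "coinhive domain" named in the
# post; extend the set from your own blocklist.
MINER_HOSTS = {"coinhive.com"}

# Constructed sample: page source with an ad iframe carrying inline markup.
SAMPLE = """
<script src="/js/app.js"></script>
<script src="https://notcoinhive.com/a.js"></script>
<iframe id="ad" srcdoc="&lt;script src='//cdn.coinhive.com/lib/example.js'&gt;&lt;/script&gt;"></iframe>
<script src="HTTPS://CoinHive.com/lib/example.js"></script>
"""


def host_is_listed(host, listed=MINER_HOSTS):
    """True if host is a listed domain or a subdomain of one (label-boundary match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in listed)


class ResourceCollector(HTMLParser):
    """Collects (tag, url) for every script/iframe src, including inside srcdoc."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "iframe") and attrs.get("src"):
            self.found.append((tag, attrs["src"]))
        if tag == "iframe" and attrs.get("srcdoc"):
            # srcdoc holds a whole document as an attribute; parse it recursively.
            inner = ResourceCollector()
            inner.feed(attrs["srcdoc"])
            self.found.extend(inner.found)


def find_miner_loads(html):
    """Return the (tag, url) pairs whose host is on the blocklist."""
    collector = ResourceCollector()
    collector.feed(html)
    # urlsplit also resolves protocol-relative URLs ("//host/path").
    return [(t, u) for t, u in collector.found
            if host_is_listed(urlsplit(u.strip()).hostname)]


if __name__ == "__main__":
    for tag, url in find_miner_loads(SAMPLE):
        print(f"miner load via <{tag}>: {url}")
```

Matching on the parsed hostname at a label boundary avoids the false positives a plain substring search gives on lookalike names such as `notcoinhive.com`.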

How To Remove the JS.MINER script From Your System

Symantec Coinhive remover
https://www.symantec.com/security_response/writeup.jsp?docid=2015-092321-2230-99

Steps to Protect Your Site or System from Getting Infected

1) Always log in from a trusted system if you are managing your own site
2) Keep your antivirus updated
3) At least install Malwarebytes
4) Keep your browser safe by downloading plugins from trusted sources
5) Install the No-Coin plugin to secure your browser


My name's Sachin, and I am a blogger and tech geek, currently working in the digital advertisement domain, with more than 3 years of work experience. Ad-Tag Macros is the professional association dedicated exclusively to online advertising operations and technology. We focus primarily on topics such as ad serving and related technologies, yield management, policies, procedures, and standards.

Experience Platform: DFP Small Business, Google Analytics, Native Ads, Mgid, WP, ComScore, Blogspot, AdSense

Skills: HTML/CSS, Javascript, Yield optimization, Trafficking, Mobile web ads, Display, video ads, Troubleshooting creative issue, SEO and Blog revenue Optimization

For any queries, please contact me: Contact@adtagmacros.com
