Malvertising campaign exploits users’ browsers to Mine Cryptocurrencies

The popularity of mining cryptocurrency within the browser is on the rise. In the last few weeks we came across many cases of this new trend, which consists in using a piece of javascript code to mine different cryptocurrencies directly through the visitor’s browser. Despite the perfomance drop of using this javascript mining approach you can bet that the attackers are able to generate substantial profits.

The JavaScript code is a modified version of MineCrunch, a notorious script which can be used to mine cryptocurrencies through the browser. MineCrunch was released back in 2014 and seems to be making a comeback. The crooks were mainly interested in Monero, Feathercoin and Litecoin, which can be mined with a standard CPU with little difference in overall results compared to running more advanced hardware.

Rather than tricking users into downloading cryptocurrency mining malware, cybercriminals are buying traffic from ad networks and distributing malicious JavaScript instead of a traditional advertisement. This approach has a clear advantage as it is easier to reach a significant number of machines by “infecting” websites than it is by infecting user machines. Streaming and gaming websites have apparently been preferentially targeted, since end-users tend to spend more time on these sites and may be less likely to notice the increased activity on their computer resources, or will assume it’s caused by the game or video itself as opposed to cryptocurrency mining activity.

This new kind of malvertising attack points out once again the need for ad platforms and publishers to use ad verification tool to protect their network, reputation and visitors safety. AdSecure now offers the detection of crypto-mining activity. Contact us to see how we can help safeguard your network or sites against malvertising.

Recommended Posts