Hackers Hijack Google DoubleClick Ads

Hackers have injected malware into Google’s DoubleClick advertising service, serving consumers ads that contain cryptocurrency mining software.

The malware, reported by the Trend Micro TrendLabs Security Intelligence Blog after an increase in traffic to five malicious domains on January 18, came from DoubleClick advertisements.

The security company detected an increase of nearly 285% in the number of Coinhive miners on January 24.

Mining cryptocurrency through ads is a relatively new form of abuse that violates Google’s policies, and one that the company has been monitoring closely, according to a Google spokesperson. “We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge,” the spokesperson said. “In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”

Data shows that affected countries include Japan, France, Taiwan, Italy, and Spain. Reports appeared on Twitter after users began tweeting that their antivirus software had notified them that cryptocurrency mining was detected as they watched YouTube videos.

Analysis at Trend Micro found two different web-miner scripts embedded and a script that displays the advertisement from DoubleClick.

The affected webpage shows the legitimate advertisement, while the two web miners covertly perform their task. “The advertisement has a JavaScript code that generates a random number between variables 1 and 101,” according to the post. “When it generates a variable above 10, it will call out to mine 80% of the CPU power, which is what happens nine out of ten times.”

In the other 10%, a private web miner launches. The two web miners will use 80% of the CPU’s resources for mining.
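One way a defender could triage an ad creative's script for the behaviour described above, as an added example that is not code from Trend Micro or Google. The indicator patterns, the reading of the miner's `throttle` option as idle time, and both sample scripts are constructed assumptions; `loadPrivateMiner` and the `ads.example` URL are hypothetical.

```javascript
// Static triage of ad-creative JavaScript for in-browser miner indicators.
// Patterns below are illustrative assumptions, not a complete signature set.
const MINER_PATTERNS = [
  { id: "coinhive-api", re: /\bCoinHive\.(Anonymous|User)\s*\(/ },
  { id: "coinhive-script", re: /coinhive(\.min)?\.js/i },
  { id: "cryptonight-ref", re: /cryptonight/i },
];

// Coinhive-style miners accept `throttle`: the fraction of time threads stay
// idle, so the CPU share requested is roughly 1 - throttle.
const THROTTLE_RE = /\bthrottle\s*:\s*(0?\.\d+|[01])\b/g;

// Math.random() alone is common in benign ads (cache busting), so it only
// counts when it appears together with a throttle setting.
const RANDOM_GATE_RE = /Math\.random\s*\(\s*\)/;

function triageScript(source) {
  const indicators = MINER_PATTERNS.filter(p => p.re.test(source)).map(p => p.id);
  const cpuShares = [];
  for (const m of source.matchAll(THROTTLE_RE)) {
    cpuShares.push(Math.round((1 - parseFloat(m[1])) * 100));
  }
  const randomGate = RANDOM_GATE_RE.test(source);
  let verdict = "clean";
  if (indicators.length > 0) verdict = "block";
  else if (randomGate && cpuShares.length > 0) verdict = "review";
  return { indicators, cpuShares, randomGate, verdict };
}

// Constructed sample: random gate choosing between two miners at 80% CPU.
const SAMPLE_MALICIOUS = `
  var n = Math.floor(Math.random() * 101) + 1;
  if (n > 10) {
    var m = new CoinHive.Anonymous("SITE-KEY-PLACEHOLDER", { throttle: 0.2 });
    m.start();
  } else {
    loadPrivateMiner({ throttle: 0.2 });
  }`;

// Constructed sample: ordinary cache-busting pixel, no miner indicators.
const SAMPLE_BENIGN = `
  var cb = Math.floor(Math.random() * 1e9);
  document.write('<img src="https://ads.example/pixel?cb=' + cb + '">');`;

console.log(triageScript(SAMPLE_MALICIOUS));
console.log(triageScript(SAMPLE_BENIGN));
```

The "review" verdict covers a script that hides the known miner names but still pairs a random gate with a throttle setting, as the private miner branch would.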
