A New Wave of Cryptocurrency Mining Malware Disguised as Ads
An alarming new trend has emerged in the world of online advertising, as Israeli adtech firm Spotad has uncovered a stealthy attack that is slipping cryptocurrency miners into unsuspecting websites. This malicious scheme, detected by Spotad’s artificial intelligence system named Sarah, involves the insertion of trojanized ads that secretly mine for Monero without the knowledge of site visitors.
The Deceptive Nature of Trojanized Ads
Spotad’s Sarah identified several anomalies within advertising code on both desktop and mobile platforms, revealing that seemingly legitimate ads were actually being used to mine for cryptocurrency. These Java-enabled ads prompt unsuspecting users to click on a pop-up that initiates the mining process, all while appearing to be harmless advertisements.
Tomer Horev, chief strategy officer at Spotad, emphasized the growing popularity of web-based mining among cybercriminals, citing the lucrative potential of Monero mining on a wide range of devices. This type of cryptocurrency mining can easily go undetected on low-end devices, making it a lucrative endeavor for malicious actors.
Rising Trend of Web-Based Mining
This latest campaign by cybercriminals aligns with a larger trend of web-based mining, as highlighted by Symantec’s recent report of a 34% increase in mobile apps incorporating cryptocurrency mining code. The launch of a mining service by Coinhive in September has further fueled this trend, with malicious actors taking advantage of unsuspecting users to mine for cryptocurrency without their consent.
Despite efforts by Coinhive to promote transparent mining practices, malicious operators have quickly exploited the concept of secret mining. This covert mining process can consume significant CPU resources, potentially slowing down users’ devices and raising suspicions.
Protecting Against Malicious Injection
To combat the growing threat of web-based mining malware, brands, agencies, ad networks, and website owners must remain vigilant in monitoring their code for signs of malicious injection. Alex Calic, chief strategist and revenue officer for The Media Trust, emphasized the importance of proactive monitoring to identify and block anomalous activity in the digital ecosystem.
By regularly examining ad tags, creative content, and landing pages for signs of malicious code, organizations can prevent their platforms from becoming unwitting hosts for cryptocurrency mining malware. As the prevalence of web-based mining continues to rise, proactive measures are essential to safeguard against this evolving threat.