Malware Monero Miner Targets Google’s DoubleClick

5 months ago admin2 Comments Off on Malware Monero Miner Targets Google’s DoubleClick

Get Trading Recommendations and Read Analysis on for just $39 per month.

Trend Micro, a provider of security software, hardware and services, discovered a malvertising campaign on high traffic websites used by Coinhive, a JavaScript code that allows website admins to mine Monero with visitor’s CPUs.

The attackers targeted Google’s DoubleClick, which provides Internet ad serving services for distribution, Trend Micro reported on its security intelligence blog. In addition, the maladvertisements also used a separate web miner that connects to a private pool.

Trend Micro has reported its findings to Google about the campaign, which affected Japan, France, Taiwan, Italy and Spain.

Trend Micro noticed a rise in traffic to five malicious domains on Jan 18, and on Jan. 24 it found a near 285% jump in the number of Coinhive miners. The traffic came from DoubleClick advertisements.

Web Miner Scripts Embedded

Two different web miner scripts were embedded, along with a script displaying the advertisements from DoubleClick. The attacked web page displayed the legitimate advertisement while the two web miners conducted their covert tasks.

The use of the advertisements on legitimate websites is believed to be a ploy to attack a greater number of users.

The traffic connected to these miners declined after Jan 24.

The advertisement contains a JavaScript code that creates a random number between one and 100 variables. When it creates a variable above 10, it alerts coinhive.min to mine 80% of the CPU power. This occurs 90% of the time. For the other 10%, a private web miner launches. The two miners were configured with throttle 0.2, indicating they use 80% of the CPU resources to mine.

After de-obfuscating a private web miner known as mqoj_1, a JavaScript code based on Coinhive can still be identified. The modified miner then uses a different mining pool, wss[:]//ws[.]l33tsite[.]info[:]8443, which is used to avoid the Coinhive 30% commission fee.

Also read: Starbucks’ Wi-Fi found using people’s laptops to mine Monero

Attacks Can Be Prevented

Coinhive miners can be prevented from using CPU resources by blocking JavaScript based applications from running on browsers, the blog noted. The impact of cryptocurrency malware and other threats exploiting system vulnerabilities can be mitigated by regularly updating and patching the software.

Trend Micro Smart Protection Suites and Worry-Free Business Security protect businesses and users from threats by blocking malicious files and related URLs.

Trend Micro Protection Suites provide capabilities such as behavior monitoring, web reputation services, high fidelity machine learning and application control to reduce the impact of such cryptocurrency miners and other threats.

Featured image from Shutterstock.

Follow us on Telegram.


Related Posts

Bitcoin is ‘Bulls–t,’ Says‘Dr Doom’ Nouriel Roubini in Latest Crypto Rant

admin2 2 months ago
Advertisement Join our community of 10 000 traders on for just $39 per month. Nouriel Roubini has doubled down on his longstanding hatred for bitcoin, ranting this week... Read More

B3i Shifts From Blockchain Consortium to Full-Fledged Company

admin2 4 months ago
A blockchain consortium backed by a group of global insurance firms has created an independent company with the aim of commercializing some of the solutions it has developed. B3i... Read More

Crypto Exchange Poloniex Acquisition Rumored to Have Cost Circle $400 Million

admin2 5 months ago
Advertisement Get Trading Recommendations and Read Analysis on for just $39 per month. Fintech startup Circle reportedly paid $400 million to acquire cryptocurrency exchange Poloniex, positioning the institutionally-backed... Read More

How to Open Your Own Casino with Zerocoin in Just 5 Minutes!

admin2 2 months ago
Advertisement This is a submitted sponsored story. CCN urges readers to conduct their own research with due diligence into the company, product or service mentioned in the content below. The... Read More