430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Trend Micro spotted a malvertising campaign abusing Google’s DoubleClick to deliver Coinhive Miner

Trend Micro uncovered a spike in the number of Coinhie miners over the past few days, including Coinhive, apparently linked to Google’s DoubleClick ads that are proposed on YouTube and other sites. The number of cyber-attacks against cryptocurrencies is increased due to a rapid increase in the value of currencies such as Bitcoin and Ethereum. […]

Trend Micro spotted a malvertising campaign abusing Google’s DoubleClick to deliver Coinhive Miner

Trend Micro uncovered a spike in the number of Coinhie miners over the past few days, including Coinhive, apparently linked to Google’s DoubleClick ads that are proposed on YouTube and other sites.

The number of cyber-attacks against cryptocurrencies is increased due to a rapid increase in the value of currencies such as Bitcoin and Ethereum.

Hackers targeted almost any actor involved in the business of cryptocurrencies, single users, miners and of course exchanges.

Security firms have detected several malware applications specifically designed to steal cryptocurrencies, and many websites were compromised to install script used to mine virtual coins abusing computational resources of unaware visitors.

Researchers at Trend Micro uncovered a spike in the number of Coinhie miners over the past few days apparently linked to Google’s DoubleClick ads that are proposed on YouTube and other sites.

“On January 24, 2018, we observed that the number of Coinhive web miner detections tripled due to a malvertising campaign. We discovered that advertisements found on high-traffic sites not only used Coinhive (detected by Trend Micro as JS_COINHIVE.GN), but also a separate web miner that connects to a private pool.”  states the analysis published by Trend Micro.

“We detected an almost 285% increase in the number of Coinhive miners on January 24. We started seeing an increase in traffic to five malicious domains on January 18. After closely examining the network traffic, we discovered that the traffic came from DoubleClick advertisements.

Coinhive

The researchers observed two separate web cryptocurrency miner scripts, both hosted on AWS, that were called from a web page that presents the DoubleClick ad.

The advertisement uses a JavaScript code that generates a random number between 1 and 101. If the number generated is greater than 10, the advertisement will call the coinhive.min.js script to mine 80% of the CPU power. For the remaining 10%, the advertisement launch a private web miner, the mqoj_1.js script.

“The two web miners were configured with throttle 0.2, which means the miners will use 80% of the CPU’s resources for mining.” continues the analysis.

Coinhive

Google promptly took action against the ads that abuse users’ resources violating its policies.

Blocking JavaScript-based applications from running on browsers can prevent the execution of Coinhive miners, the experts suggest to regularly patch and update web browsers to reduce the risks.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – cryptocurrency, Coinhive)

[adrotate banner=”5″]

[adrotate banner=”13″]