Computer security experts uncovered that Google’s DoubleClick network is being used by criminals to delivery malware cryptocurrency miners. This is the company’s subsidiary that provides Internet ad services and is used by the largest agencies and publishers to deliver targeted content to the selected audience.
Google’s DoubeClick Network Delivers Cryptocurrency Miners
Computer security researchers uncovered that criminal users are actively abusing Google’s DoubleClick Network. This is the premier ad platform offered by the service which is used by high-end marketers and publishers. The warning signs came after a detailed analysis of the performance metrics of current campaigns. The specialists reported that there is a sharp increase in the number of cryptocurrency miners, especially the ones descendant from the CoinHive family. A major incident was observed on January 24 when a 285% increase was noted in comparison to a prior week.
Two different web miner malware were observed during the investigation. They are embedded in hacker-crafted pages that show ads that are being pulled from Google’s DoubleClick network. This means that the victims are fed live and legitimate ads while at the same time the miners are running. The experts propose that the campaign is intentional, because the attack allows legitimate sites to receive the malware ads. Such actions are attributed to a planned large-scale attack against the potential victims.
Further Details About the DoubeClick Network and Cryptocurrency Miners Campaign
As such the miners infections can lead to several types of campaigns:
- Malware Infections — The sites can deliver additional threats directly. Examples include Trojans and ransomware.
- Social Engineering Tricks — The criminals can create pages that impersonate well-known services. Such portals are meant to steal the account credentials of the victims. Using the acquired data the hackers can perform identity theft and financial abuse crimes.
- Browser Hijacker Installation — Such redirects are among the main distribution methods employed by browser hijackers. They represent malware browser plugins that infect the most popular web applications (Safari, Mozilla Firefox, Google Chrome, Microsoft Edge, Opera and Internet Explorer). The initial behavior tactics include settings modification and tracking cookies institution. Using such methods the hackers can acquire sensitive information about the victims which can then be sold to marketing agencies for profit.
Cryptocurrency Miners Are Becoming the Preferred Hacker Tools
Malware experts note that the number cryptocurrency miner campaigns are steadily increasing as the hackers interest in these weapons increases. We have made a thorough analysis of the marketplace entries and every month the number of advanced miners sold increase at a fast pace. The worrying fact is not the quantity, but also the quality of the malware code.
It is possible to link this attack with the recent discovery of a vast number of malware Android apps. We speculate that hackers worldwide might have teamed in order to deliver an advanced worldwide campaign. Due to the extent and impact of the malware we recommend that all computer users scan for existing infections. The quality anti-spyware solution can also protect everyone from incoming attacks.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter