Computer security experts uncovered that Google’s DoubleClick network is being used by criminals to delivery malware cryptocurrency miners. This is the company’s subsidiary that provides Internet ad services and is used by the largest agencies and publishers to deliver targeted content to the selected audience.
Google’s DoubeClick Network Delivers Cryptocurrency Miners
Computer security researchers uncovered that criminal users are actively abusing Google’s DoubleClick Network. This is the premier ad platform offered by the service which is used by high-end marketers and publishers. The warning signs came after a detailed analysis of the performance metrics of current campaigns. The specialists reported that there is a sharp increase in the number of cryptocurrency miners, especially the ones descendant from the CoinHive family. A major incident was observed on January 24 when a 285% increase was noted in comparison to a prior week.
Two different web miner malware were observed during the investigation. They are embedded in hacker-crafted pages that show ads that are being pulled from Google’s DoubleClick network. This means that the victims are fed live and legitimate ads while at the same time the miners are running. The experts propose that the campaign is intentional, because the attack allows legitimate sites to receive the malware ads. Such actions are attributed to a planned large-scale attack against the potential victims.
Further Details About the DoubeClick Network and Cryptocurrency Miners Campaign
An analysis of the threat shows that the embedded JavaScript code follows a preset behavior pattern. Once the malware scripts are delivered to the legitimate site as ads. The actual malware processing is quite interesting as the ad engine generates a random number between 1 and 101. If the number is equal to 10 or above the script launches the coinhive instance. It then automatically starts the processor-intensive operations which are programmed to take 80% of the processing power (CPU usage). As a result income is being generated for the hacker operators. This type of infections have been found to impact popular sites such as Youtube itself. Another dangerous threat to the victims is the fact that some of the ads redirect the victims to scam sites and malware.
As such the miners infections can lead to several types of campaigns:
- Malware Infections — The sites can deliver additional threats directly. Examples include Trojans and ransomware.
- Social Engineering Tricks — The criminals can create pages that impersonate well-known services. Such portals are meant to steal the account credentials of the victims. Using the acquired data the hackers can perform identity theft and financial abuse crimes.
- Browser Hijacker Installation — Such redirects are among the main distribution methods employed by browser hijackers. They represent malware browser plugins that infect the most popular web applications (Safari, Mozilla Firefox, Google Chrome, Microsoft Edge, Opera and Internet Explorer). The initial behavior tactics include settings modification and tracking cookies institution. Using such methods the hackers can acquire sensitive information about the victims which can then be sold to marketing agencies for profit.
Cryptocurrency Miners Are Becoming the Preferred Hacker Tools
Malware experts note that the number cryptocurrency miner campaigns are steadily increasing as the hackers interest in these weapons increases. We have made a thorough analysis of the marketplace entries and every month the number of advanced miners sold increase at a fast pace. The worrying fact is not the quantity, but also the quality of the malware code.
It is possible to link this attack with the recent discovery of a vast number of malware Android apps. We speculate that hackers worldwide might have teamed in order to deliver an advanced worldwide campaign. Due to the extent and impact of the malware we recommend that all computer users scan for existing infections. The quality anti-spyware solution can also protect everyone from incoming attacks.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter
Martin Beltov
Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
Follow Me: