Google DoubleClick Ad Network Hit With Crypto Mining Malware, YouTube Visitors Affected
Given the immense popularity of the DoubleClick network, it should come as no surprise that enterprising hackers would attempt to exploit it to reach a staggering number of users. In this case, the countries said to have been verified as targets of this malicious campaign included France, Japan, Italy, Spain and Taiwan.
"An analysis of the malvertisement-riddled pages revealed two different web miner scripts embedded and a script that displays the advertisement from DoubleClick," writes TrendMicro. "The affected webpage will show the legitimate advertisement while the two web miners covertly perform their task. We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices."
Hey @avast_antivirus seems that you are blocking crypto miners (#coinhive) in @YouTube #ads Thank you :) https://t.co/p2JjwnQyxz
— Diego Betto (@diegobetto) January 25, 2018
Users first became aware of the Coinhive infestation while watching YouTube videos. YouTube is likely a popular target because users often find themselves meandering on the site for extended periods of time watching various videos. The longer users spend on a site, the longer the malicious JavaScript can run to mine for Monero.
It seems as though no platform is safe these days when it comes to cryptocurrency mining. We first started hearing about Monero miners being smuggled into websites dedicated to piracy, and then it began spreading to more legitimate sites. More recently, we've seen Monero miners show up in malware for the Android platform.