Sneaky Crypto Malware Miners Are Targeting Ad Networks Next

Websites and publishers need to be prepared for cryptocurrency miners slipping into ads on their sites, according to Israeli adtech firm Spotad.

AccessTimeIconJan 4, 2018 at 7:00 a.m. UTC
Updated Aug 18, 2021 at 7:50 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Websites and publishers need to be prepared for cryptocurrency miners slipping into ads on their sites, according to Israeli adtech firm Spotad.

The company, which operates an AI-powered advertising platform for purchasing media space, recently discovered cryptocurrency mining activity on its network, a development the company claims is becoming part of wider trend.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • Spotad’s AI system, named "Sarah," recently identified anomalies in the code of seemingly legitimate ads for both desktop and mobile that turned out to be a miner for the cryptocurrency monero. The JavaScript-enabled ad was designed to dupe users into clicking on a pop-up that would initiate the mining process.

    According to co-founder Yoav Oz, the agency responsible for the ad was unaware of the code that was embedded inside. The name of the agency or the subject of the ad has not been disclosed.

    "Look at what's happening today around this entire cryptocurrency world, you see how much money is involved, you see the volume picking up week by week," added Tomer Horev, chief strategy officer, who led the team that discovered the code.

    He told CoinDesk:

    "I think people identify that as the next gold rush and they will try to do everything that they can in order to produce this kind of money."

    Oz and Horev explained that Spotad's AI system regularly monitors for irregularities in ads and is now being trained at spotting cryptocurrency mining scripts.

    Some of the key signals include a lack of click or behavior patterns typically seen in legitimate ads. "It was showing a different kind of behavior where users were not clicking much, there was no engagement on the ad. That’s where we got the signals out of our system," said Horev.

    Monero mining

    Why monero though? The cryptocurrency is currently trading at around the $440 mark while bitcoin is having its bumper year, topping $18,000. According to Oz and Horev, it’s simply easier to mine surreptitiously.

    Horev explained:

    "The mining protocol for the big [cryptocurrencies], like bitcoin and bitcoin cash… to mine that kind of crypto requires high end servers and even GPU-based processing. Monero has script that can perform well on CPUs that actually reside in any desktop, laptop, and mobile device."

    "This type of cryptocurrency has value harvesting through low end devices," he continued.

    This week Russian cybersecurity firm publicized a piece of Android malware called Loapi that is spread through ad campaigns and app stores, which can mine for monero even with low-powered processors.

    Cryptocurrency miners have become a controversial topic after torrent site The Pirate Bay tested out a monero mining code that it claimed it was testing as an alternative to advertising. Even sites from TV network Showtime and MMA organization UFC had run code from CoinHive, which makes this type of script for mining monero. In these cases, users were not immediately aware that their CPUs were being put to work mining for cryptocurrency.

    Symantec published a report this week that stated there is now a cryptocurrency miner “arms race” under way as more cybercriminals seek ways to cash in on the cryptocurrency buzz, whether it’s monero or other coins like zcash or ether.

    Time to act

    Per the Symantec report, publishers and website owners need to be vigilant with the integrity of their websites’ source and be wary of any injections that may be miner scripts. Online publications typically use tools to detect fraudulent activity or inappropriate traffic on their sites.

    These tools will need to evolve to consider miners, added Horev.

    "I think here requires a different type of fraud detection that when something happens on the device itself and not on the publisher website. I’m not sure that this type of technology is yet to be introduced in fraud detection tools but I believe it’s just a matter of time," he said.

    For regular users, the tell-tale signs are a little easier to spot as the CPU will run at 100% and the responsiveness of the site in question, and even the entire device, will slow down. Some antivirus and security software vendors have moved to block scripts suspected of being miners.

    "The motivation is out there [to mine]," said Horev. "It’s time for more action to be taken and fraud and detection tools to get into the game."

    Crypto malware via Shutterstock

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.