Sneaky Crypto Malware Miners Are Targeting Ad Networks Next
Websites and publishers need to be prepared for cryptocurrency miners slipping into ads on their sites, according to Israeli adtech firm Spotad.
The company, which operates an AI-powered advertising platform for purchasing media space, recently discovered cryptocurrency mining activity on its network, a development the company claims is becoming part of a wider trend.
Spotad’s AI system, named "Sarah," recently identified anomalies in the code of seemingly legitimate ads for both desktop and mobile that turned out to be a miner for the cryptocurrency monero. The JavaScript-enabled ad was designed to dupe users into clicking on a pop-up that would initiate the mining process.
According to co-founder Yoav Oz, the agency responsible for the ad was unaware of the code that was embedded inside. The name of the agency or the subject of the ad has not been disclosed.
"Look at what's happening today around this entire cryptocurrency world, you see how much money is involved, you see the volume picking up week by week," added Tomer Horev, chief strategy officer, who led the team that discovered the code.
He told CoinDesk:
Oz and Horev explained that Spotad's AI system regularly monitors for irregularities in ads and is now being trained at spotting cryptocurrency mining scripts.
Some of the key signals include a lack of click or behavior patterns typically seen in legitimate ads. "It was showing a different kind of behavior where users were not clicking much, there was no engagement on the ad. That’s where we got the signals out of our system," said Horev.
Monero mining
Why monero though? The cryptocurrency is currently trading at around the $440 mark while bitcoin is having its bumper year, topping $18,000. According to Oz and Horev, it’s simply easier to mine surreptitiously.
Horev explained:
"This type of cryptocurrency has value harvesting through low end devices," he continued.
This week a Russian cybersecurity firm publicized a piece of Android malware called Loapi, which is spread through ad campaigns and app stores and can mine for monero even with low-powered processors.
Cryptocurrency miners have become a controversial topic after torrent site The Pirate Bay tested monero mining code, which it claimed it was trying out as an alternative to advertising. Even sites from TV network Showtime and MMA organization UFC had run code from CoinHive, which makes this type of script for mining monero. In these cases, users were not immediately aware that their CPUs were being put to work mining for cryptocurrency.
Symantec published a report this week that stated there is now a cryptocurrency miner “arms race” under way as more cybercriminals seek ways to cash in on the cryptocurrency buzz, whether it’s monero or other coins like zcash or ether.
Time to act
Per the Symantec report, publishers and website owners need to be vigilant with the integrity of their websites’ source and be wary of any injections that may be miner scripts. Online publications typically use tools to detect fraudulent activity or inappropriate traffic on their sites.
These tools will need to evolve to consider miners, added Horev.
"I think here requires a different type of fraud detection that when something happens on the device itself and not on the publisher website. I’m not sure that this type of technology is yet to be introduced in fraud detection tools but I believe it’s just a matter of time," he said.
For regular users, the tell-tale signs are a little easier to spot as the CPU will run at 100% and the responsiveness of the site in question, and even the entire device, will slow down. Some antivirus and security software vendors have moved to block scripts suspected of being miners.
"The motivation is out there [to mine]," said Horev. "It’s time for more action to be taken and fraud and detection tools to get into the game."