Google ads infected by malware geared at cryptocurrency mining

Google’s DoubleClick ad network has come under attack by cryptocurrency miners who infiltrated Google ads to tap into the CPU power of those who view these ads on YouTube. Operating like a malware attack, the hacked ads were detected when some users got alerts from antivirus software programs and/or experienced slowdowns in their internet activity.Marketing understands that the ads likely targeted YouTube due to longer periods of engagement and activity experienced on the platform, which allowed miners to complete their tasks for longer periods of time. Cryptocurrency miners get rewarded through new cryptocurrencies for successfully validating transactions on public ledgers found on the blockchain platform. However, the process takes up significant processing power on computers and systems.In a statement to Marketing, a Google spokesperson said that mining cryptocurrency through ads is a relatively new form of abuse which violates its policies and one that it has been monitoring actively.“We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms,” the spokesperson explained.The malware-like attack was first detected by IT security company Trend Micro, which observed the tripling of Coinhive (a type of cryptocurrency) web miner detections following a “malvertising campaign”. In a blog post describing the attack, Trend Micro revealed that advertisements found on high-traffic sites not only used Coinhive, but also a separate web miner that connects to a private pool.The attackers had abused Google’s Doubleclick platform for traffic distribution, affecting countries such as Japan, France, Taiwan, Italy, and Spain. This saw affected webpages showing the legitimate advertisement while web miners covertly perform their tasks.“We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices. The traffic involving the abovementioned cryptocurrency miners has since decreased after January 24,” the blog post read.