Google DoubleClick Fall Victim To CoinHive Monero Mining

Trend Micro, a popular cybersecurity firm, recently published a report stating that Google DoubleClick, which runs Google ad services on multiple websites including YouTube, was compromised by the CoinHive malware along with a web miner.

According to Trend Micro, their in-house programs had detected unusual activity with web traffic on January 24, 2018. Upon further analysis, the Trend Micro team found out that advertisements on high traffic sites were using multiple types of malware: the more notoriously famous CoinHive and another web miner malware along with it.

As per Trend Micro’s findings, these malwares were using Google DoubleClick for traffic distribution.

Trend Micro stated that the advertisement scripts were infected with web miner scripts embedded within them, as shown in this screenshot here.

It was further reported that the firm had noticed a 285 percent increase in CoinHive miners on January 24, which has since decreased.

Trend Micro shared a few more technical findings as well and also stated that it had informed Google of the incident.

About Coinhive

CoinHive has been one of the most recent and most prominent malware in the past few weeks. It starts running as a hidden mining script or program in the infected system, which then works towards mining Monero without the machine owner’s permission.

When in operation, CoinHive can use around 80 percent of a machine’s power without the owner knowing what has happened to their device.

This shady method of surreptitious cryptocurrency mining has been making its rounds for some time now. Most of its instances have been linked with illicit mining operations in North Korea; however, despite public incidents with major corporations such as Russia’s Transneft, the people behind CoinHive have not been caught yet.

Preventative measures

Trend Micro suggested that disabling JavaScript based apps on browsers can stop CoinHive from leveraging from one’s web browsers. The firm also mentioned that users should keep their web browsers, anti-virus and anti-malware software updated in order to have their systems protected against these latest threats.

Are all google websites infected with this?

Trend Micro noticed this script running on third party websites that use Google ad services through Google DoubleClick. It does not mean that Google websites including YouTube are infected. The script was noticed in advertisements that run all across the web especially on high traffic websites.

There is no definite way to tell for an everyday user to determine which ad could be affected by this. However, the preventative measures that were outlined by Trend Micro for now seem to be the way to go.

If an everyday user keeps their software up – to – date and remains vigilant, they would be able save their machines from these unwarranted programs. However, as always, it would not hurt if you backup your data, just in case your system gets compromised by any unforeseen event. This particular bout of malware seems to have been crafted meticulously and it will take some time for relevant parties – such as security software providers – to strengthen their defenses against it and provide optimal solutions to their users.


Follow us on Social Media:
By | 2018-02-08T21:12:29+00:00 February 8th, 2018|News|0 Comments

Leave A Comment