The number of cyber-attacks against cryptocurrencies is increased due to a rapid increase in the value of currencies such as Bitcoin and Ethereum.
Hackers targeted almost any actor involved in the business of cryptocurrencies, single users, miners and of course exchanges.
Security firms have detected several malware applications specifically designed to steal cryptocurrencies, and many websites were compromised to install script used to mine virtual coins abusing computational resources of unaware visitors.
Researchers at Trend Micro uncovered a spike in the number of Coinhie miners over the past few days apparently linked to Google’s DoubleClick ads that are proposed on YouTube and other sites.
“On January 24, 2018, we observed that the number of Coinhive web miner detections tripled due to a malvertising campaign. We discovered that advertisements found on high-traffic sites not only used Coinhive (detected by Trend Micro as JS_COINHIVE.GN), but also a separate web miner that connects to a private pool.” states the analysis published by Trend Micro.
“We detected an almost 285% increase in the number of Coinhive miners on January 24. We started seeing an increase in traffic to five malicious domains on January 18. After closely examining the network traffic, we discovered that the traffic came from DoubleClick advertisements.“
The researchers observed two separate web cryptocurrency miner scripts, both hosted on AWS, that were called from a web page that presents the DoubleClick ad.
“The two web miners were configured with throttle 0.2, which means the miners will use 80% of the CPU’s resources for mining.” continues the analysis.
Google promptly took action against the ads that abuse users’ resources violating its policies.
(Security Affairs – cryptocurrency, Coinhive)