Hackers target ad networks to inject cryptocurrency mining scripts

It's the latest way for hackers to make money — by fooling unsuspected website visitors to mine cryptocurrency in their browser's background.

High-powered mining rigs are usually needed to mine cryptocurrency, but not if you can get website visitors to do it for you. (Image: Immotep/Facebook)

Hackers are now injecting cryptocurrency mining scripts into web advertising platforms to make a quick buck, security researchers have found.

Trend Micro wrote in a blog post Wednesday that its researchers tracked web miner traffic linked to MSN.com, a popular ad-supported home page, which was displaying an ad that was using a computer's processor to silently mine cryptocurrency in the background.

Also: Hackers are cashing in on cryptocurrency mining -- but here's why they're avoiding bitcoin

Hackers had injected the widely-used Coinhive code into an ad supplied by the AOL advertising network. Trend Micro alerted AOL to the bad ad, which -- two days later -- was pulled offline.

The researchers didn't say how many visitors were exposed to the cryptocurrency mining ad. The page is the landing page for millions, and typically home by default to Internet Explorer users.

It's the latest twist in how hackers are using distributed mining methods to make money.

Generating bitcoin or other cryptocurrency requires a specialized setup and high-end computer power to mine new coins. But because most home computer rigs aren't best equipped for mining cryptocurrency on a large scale, hackers are now turning to infecting large-scale distributed platforms -- like apps, websites, and now ad networks, which display ads on millions of computers each day. That puts the processing power (and additional electricity resources) on individual computers -- albeit without the user's consent.

It's not the first time an ad network has been targeted by hackers to inject cryptocurrency mining code into their ads.

In January, Trend Micro found that Google's DoubleClick ad network was also serving Coinhive mining code on high-traffic sites. Over a week long period, the researchers found a near three-fold increase in the number of Coinhive miners across the web, ready to take advantage of individuals' spare computer power.

A similar cryptocurrency mining scheme for a time relied on YouTube ads to drain the processing power of individuals' computers.

As ads become more intrusive and websites act more aggressively in their money-making tactics, some news sites are actively embracing cryptocurrency mining code instead of serving traditional display ads.

TechRepublic: Nearly 50K websites infected with cryptocurrency mining malware, research finds

It's a controversial technique, but not inherently illegal.

Salon became the first mainstream publication to ask users to consent to running the mining code on their computers while they read, instead of displaying ads.

But not everyone is happy about the prospect of paying for content with their electricity bills, either. There are several Coinhive and other cryptocurrency mining script blockers that hook into your browser to prevent these scripts from running.

Researchers at Chinese cybersecurity firm Netlab 360 revealed recently that an unnamed ad network figured out a way to bypass those script blockers altogether -- in part by rotating through seemingly randomly generated domain names.

Got a tip?

You can send tips securely over Signal and WhatsApp at 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More