As if invasive ads weren’t bad enough, Trend Micro uncovered a particularly sinister batch of ‘malvertisements’ that aim to exploit Google’s DoubleClick ad service to serve you ads containing hidden cryptocurrency mining software.
“Attackers abused Google’s DoubleClick, which develops and provides internet ad serving services, for traffic distribution. Data from the Trend Micro Smart Protection Network shows affected countries include Japan, France, Taiwan, Italy, and Spain. We have already disclosed our findings to Google,” Trend Micro reports.
As malware goes, it’s actually pretty clever — if also sinister and awful. It operates two separate scripts, one a coinhive cryptocurrency miner, the other a private web miner. Which one it will use is determined by a random number generator. When either one kicks in, it would use 80 percent of the affected computer’s CPU resources for the purposes of mining cryptocurrency.
“The affected webpage will show the legitimate advertisement while the two web miners covertly perform their task. We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices,” Trend Micro reports.
Trend Micro goes on to report that the number of incidents of these malvertisements has gone down since January 24, so we might be in the clear. Still, it might be a good idea to make sure your security apps are all up to date — and make sure your browser has its latest security patches. Chances are Google will get the exploit under control quickly, but there are some countermeasures you can implement in the meantime.