Skip to main content
  1. Home
  2. Computing
  3. News

Is your browser mining bitcoin? ‘Malvertisements’ are hijacking Google Ads

Add as a preferred source on Google

As if invasive ads weren’t bad enough, Trend Micro uncovered a particularly sinister batch of ‘malvertisements’ that aim to exploit Google’s DoubleClick ad service to serve you ads containing hidden cryptocurrency mining software.

“Attackers abused Google’s DoubleClick, which develops and provides internet ad serving services, for traffic distribution. Data from the Trend Micro Smart Protection Network shows affected countries include Japan, France, Taiwan, Italy, and Spain. We have already disclosed our findings to Google,” Trend Micro reports.

Recommended Videos

As malware goes, it’s actually pretty clever — if also sinister and awful. It operates two separate scripts, one a coinhive cryptocurrency miner, the other a private web miner. Which one it will use is determined by a random number generator. When either one kicks in, it would use 80 percent of the affected computer’s CPU resources for the purposes of mining cryptocurrency.

“The affected webpage will show the legitimate advertisement while the two web miners covertly perform their task. We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices,” Trend Micro reports.

Trend Micro goes on to report that the number of incidents of these malvertisements has gone down since January 24, so we might be in the clear. Still, it might be a good idea to make sure your security apps are all up to date — and make sure your browser has its latest security patches. Chances are Google will get the exploit under control quickly, but there are some countermeasures you can implement in the meantime.

“Blocking JavaScript-based applications from running on browsers can prevent coinhive miners from using CPU resources. Regularly patching and updating software — especially web browsers –can mitigate the impact of cryptocurrency malware and other threats that exploit system vulnerabilities,” Trend Micro recommends.

All right, so how can you protect yourselves from this exploit while Google gets it sorted out? Turns out there are a couple things you can do. First, make sure your browser is up to date. You can do that by heading to your preferences and checking for updates in most modern browsers like Chrome and Firefox. Second, run an adblocker on any site that you feel a little uncomfortable about. Lastly, you can always disable JavaScript entirely, but doing so will break a lot of websites and it’s only a good idea if you’re very worried about your security.

Jaina Grey
Former Digital Trends Contributor
Jaina Grey is a Seattle-based journalist with over a decade of experience covering technology, coffee, gaming, and AI. Her…
Falling in love with a chatbot is now off limits for kids in China
The crackdown targets emotional AI relationships as regulators worry about the country's record low birthrate.
Replika AI companion app on an iPhone in hand

Ever since AI chatbots arrived on the scene, there has been one aspect that has worried lawmakers and experts a lot: humans forming emotional connections with chatbots. There have been plenty of cases where over-reliance on these AI companions or partners has resulted in medical emergencies, lost lives, and triggered multiple lawsuits against the likes of OpenAI and Meta.

China cracks down on AI companion apps

Read more
Russian hackers keep finding their way into critical networks through neglected routers
A multinational warning says outdated firmware, weak passwords, and insecure settings are giving state-backed attackers an easy opening
A Wi-Fi router next to a laptop.

Russian state-backed hackers have spent more than a decade exploiting a stubborn weakness in critical infrastructure networks. Organizations are still leaving poorly configured and outdated routers exposed to the internet.

In a joint cybersecurity advisory, the NSA, CISA, FBI, and international partners warn that hackers linked to Center 16 of Russia’s Federal Security Service are continuing to target vulnerable networking equipment. Energy, healthcare, and government networks are among the sectors facing the highest risk.

Read more
Canva Code 2.0 just made vibe coding way less intimidating for everyone
Canva Code 2.0 feature

Coding used to be reserved for developers who spent years learning complex languages. That has slowly changed with vibe coding, which lets you build apps and websites using simple, plain-language prompts. 

The problem is that most of these tools still feel intimidating for regular folks, as they still need to understand the code to make any meaningful changes. If not, everything you make tends to look the same.

Read more