Skip to main content

Is your browser mining bitcoin? ‘Malvertisements’ are hijacking Google Ads

google ads cryptocurrency malware hong kong lifestyle bitcoin
Philippe Lopez/AFP/Getty Images
As if invasive ads weren’t bad enough, Trend Micro uncovered a particularly sinister batch of ‘malvertisements’ that aim to exploit Google’s DoubleClick ad service to serve you ads containing hidden cryptocurrency mining software.

“Attackers abused Google’s DoubleClick, which develops and provides internet ad serving services, for traffic distribution. Data from the Trend Micro Smart Protection Network shows affected countries include Japan, France, Taiwan, Italy, and Spain. We have already disclosed our findings to Google,” Trend Micro reports.

Recommended Videos

As malware goes, it’s actually pretty clever — if also sinister and awful. It operates two separate scripts, one a coinhive cryptocurrency miner, the other a private web miner. Which one it will use is determined by a random number generator. When either one kicks in, it would use 80 percent of the affected computer’s CPU resources for the purposes of mining cryptocurrency.

Please enable Javascript to view this content

“The affected webpage will show the legitimate advertisement while the two web miners covertly perform their task. We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices,” Trend Micro reports.

Trend Micro goes on to report that the number of incidents of these malvertisements has gone down since January 24, so we might be in the clear. Still, it might be a good idea to make sure your security apps are all up to date — and make sure your browser has its latest security patches. Chances are Google will get the exploit under control quickly, but there are some countermeasures you can implement in the meantime.

“Blocking JavaScript-based applications from running on browsers can prevent coinhive miners from using CPU resources. Regularly patching and updating software — especially web browsers –can mitigate the impact of cryptocurrency malware and other threats that exploit system vulnerabilities,” Trend Micro recommends.

All right, so how can you protect yourselves from this exploit while Google gets it sorted out? Turns out there are a couple things you can do. First, make sure your browser is up to date. You can do that by heading to your preferences and checking for updates in most modern browsers like Chrome and Firefox. Second, run an adblocker on any site that you feel a little uncomfortable about. Lastly, you can always disable JavaScript entirely, but doing so will break a lot of websites and it’s only a good idea if you’re very worried about your security.

Jayce Wagner
Former Digital Trends Contributor
A staff writer for the Computing section, Jayce covers a little bit of everything -- hardware, gaming, and occasionally VR.
Google Chrome’s latest update solves the browser’s biggest problem
Google Chrome icon in mac dock.

Google Chrome is one of the best browsers around, but it's always had a big problem with memory usage. It's finally addressing the issue in a new Chrome 110 update that promises to reduce RAM usage by up to 30% and make the browser for efficient.

Chrome has a reputation for its speed, security, and feature drops, as well as a penchant for hanging on to your precious RAM like an episode of Hoarders. Granted, Google has made strides in improving Chrome's memory efficiency by hibernating tabs in the background, but it still struggles with it compared to Microsoft Edge or Mozilla Firefox.

Read more
Half of Google Chrome extensions may be collecting your personal data
Google Chrome icon in mac dock.

Data risk management company Incogni has found that half of every installed Google Chrome extension has a high to very high risk of collecting personal data, showing a strong correlation to the number of permissions given.

After analyzing 1,237 Chrome extensions found in the Chrome Web Store, a study by Incogni has uncovered some troubling findings. Nearly half (48.7%) of the extensions were found to potentially expose users' personally identifiable information (PII), distribute malware and adware, and record passwords and financial information.

Read more
New phishing method looks just like the real thing, but it steals your passwords
A MacBook with Google Chrome loaded.

Thanks to a new phishing method, hackers could steal all sorts of personal information by simply mimicking real login forms in Application Mode. This is a feature that's available in all Chromium-based browsers, which includes Google Chrome, Microsoft Edge, and Brave.

Using Application Mode allows threat actors to spread highly believable-looking local login forms that look like desktop applications. In reality, all inputs are sent to a malicious attacker.

Read more