Ad Banners use your browser to mine for their bitcoin

Malvertising can do many things, a common trick is when it hijacks your browser and redirects you to another website. Similarly, it could open another browser window and send that traffic to another website. This trick is not new, we've seen and reported on it for years. It's so common you may see it today at imgur if you turn your ad blocker off. Ad networks never did quite get the hang of stopping such shenanigans, so user have blocked ads instead.

Welivesecurity report on a new trick in the old banner ad hijack, one where sneaky JavaScript files are apparently used to mine cryptocurrencies directly within the browser. Your browser. It's a quick and dirty way of distributing the Javascript to many computers at once, with little effort.

We started digging into our telemetry and found that the threat was partially distributed using malvertising. This kind of CPU-intensive task is generally prohibited by the majority of ad networks because it substantially degrades the user experience. It might seem counterintuitive to mine cryptocurrencies in the browser – we know that mining bitcoins requires a lot of CPU power – but the cybercriminals, as we will see later on, chose to mine cryptocurrencies that do not require custom hardware to mine effectively. Also, it is easier to reach a significant number of machines by “infecting” websites than it is by infecting user machines.

Welivesecurity then goes into great detail of how the Javascript hijacks your browser CPU, and where this is most common on the web. The five main countries affected are Russia, Ukraine, Belarus, Kazakstahn and Moldova - but the Javascript doesn't discriminate based on IP, the spread is via language.

Weivesecurity also notes that this isn't a new idea at all, and reminds us of Tidbit, a company created by MIT students that offered web masters a javascript that would mine Bitcoin in visitors browsers as an alternative to hosting banner ads. However, Tidbit was served a subpoena by the New Jersey Attorney General’s office because they used the users’ computing power without their agreement, and after a settlement, Tidbit was abandoned.

The websites that are targeted with this are popular video streaming and game streaming services, ensuring that the visitor and their browser stay around for as long as possible to mine.

To ensure that your browser isn't hijacked in this manner, you can use various plugins to block Javascript in general and bitcoin mining in particular in Chrome. You can also harden your system with anti virus products that can be set to block unwanted scripts using your system.

about the author

Dabitch Creative Director, CEO, hell-raising sweetheart and editor of Adland. Globetrotting Swede who has lived and worked in New York, London, San Francisco, Amsterdam, Copenhagen and Stockholm.

Leave a comment