Ad Network Uses DGA Algorithm to Bypass Ad Blockers and Deploy In-Browser Miners

Solarquest

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
An advertising network is hiding in-browser cryptocurrency miners (cryptojacking scripts) in the ads it serves on customer sites, and has been doing so since December 2017, according to revelations made over the weekend by the Qihoo 360 Netlab team.

Further, this malicious advertising network has also found an efficient trick at avoiding users with ad blockers, a trick it use to make sure both its ads and the cryptojacker reach all intended targets.

Ad network borrows well-known malware trick
The advertising network —whose identity researchers did not reveal but only referred to as DGA.popad— uses a trick normally utilized by malware families —namely a domain generation algorithm (DGA).

Malware strains —mostly banking trojans— use DGAs to generate unique domain names for each day to which infected hosts connect to receive new commands from the main command and control (C&C) server.

DGAs are highly efficient because only the malware's author know how the DGA algorithm works and they register domains in advance, knowing the malware will connect to it at a point in the future. When security researchers break DGA algorithms, usually this helps authorities take over the malware's infrastructure.

How the ad network uses DGAs
..
..
 
  • Like
Reactions: Stopspying, vtqhtr413, frogboy and 7 others
Prorootect

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
I've to say: don't click on ads, personally I don't see ads.
Don't have miner in my browsers. - try CryptojackingTest.com: Cryptojacking Test - look on Post #56
- and don't go to "sites that offer free download or adult content"... - I don't do this.

EDIT:
Another test to do: If the miner doesn't start, your browser is safe!: mineblock.org: MINEBLOCK - Block web miners & crypto scripts
 
Last edited:
  • Like
Reactions: Stopspying, vtqhtr413 and Deleted member 65228
D

Deleted member 65228

Prorootect said:
- and don't go to "sites that offer free download or adult content"... - I don't do this.
Click to expand...
I can't blame people for it and they can download whatever they want to download but that is actually a HUGE source of malware distribution... or at-least it was many years ago. Streaming adult websites are well known for their advertisements/pop-ups as well, and the scripts embedded in them likely have started to have a rise with crypto-currency mining. In the past, even exploits have been embedded on such redirected websites/popups, etc.
 
  • Like
Reactions: Prorootect and frogboy
You must log in or register to reply here.

Similar threads

oldschool
    • +Reputation
    • Like
    • Thanks
Privacy News Protecting Your Privacy While Eroding Your Democracy: Apple's and Mozilla's PPAs (Privacy Preserving Ad Attribution) Considered Harmful
Replies
2
Views
487
Security News
bazang
bazang
Gandalf_The_Grey
    • Like
    • Applause
    • +Reputation
Hot Take Cisco: We all just need to agree that ad blockers are good
Replies
2
Views
973
General Security Discussions
Arequire
A
silversurfer
    • Like
    • +Reputation
New Update AdGuard Browser Extension finally migrates to MV3: release now available
Replies
0
Views
276
AdGuard
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top