Malvertising Campaign Mines Cryptocurrency Right in Your Browser

[LASER_oneXM]

Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers, without their knowledge.

Crooks are currently deploying this technique on Russian and Ukrainian websites, but expect this trend to spread to other regions of the globe.

Malicious ads delivered on gaming and streaming sites
The way crooks pulled this off was by using an online advertising company that allows them to deploy ads with custom JavaScript code.

The JavaScript code is a modified version of MineCrunch (also known as Web Miner), a script released in 2014 that can mine cryptocurrencies using JavaScript code executed inside the browser.

Cryptocurrency mining operations are notoriously resource-intensive and tend to slow down a user's computer. To avoid raising suspicion, crooks delivered malicious ads mainly on video streaming and browser-based gaming sites.

Both types of sites use lots of resources, and users wouldn't get suspicious when their computer slowed down while accessing the site. Furthermore, users tend to linger more on browser games and video streaming services, allowing the mining script to do its job and generate profits for the crooks.

Ad blockers twarth some JavaScript mining operations
The good news is that users can protect themselves against surreptitious JS-based cryptocurrency miners hidden in ad code by using an ad blocker.

The mining operation also stops once users leave the site, and no extra clean-up is needed to remove malware from computers.

Ad blockers won't help if the JavaScript mining code loads from outside of designated ad slots/domains — the case when website owners host and load the script from their own domains.