The New Trend in Malvertising: Cryptocurrency Mining

If you're aware of cryptocurrency mining, you might not be aware that it's giving rise to the malicious use of browsers by cybercriminals. Mathieu Derval (pictured below), product manager, AdSecure, explains why this is a growing trend, and how the industry can protect consumers against it. 

ExchangeWire: Why did AdSecure decide to develop a crypto-mining detection feature?

Mathieu Derval: AdSecure developed this feature in response to seeing an upward trend in instances of malvertising being used by cybercriminals to use unsuspecting user’s browsers for mining cryptocurrencies. ‘In-browser’ mining of cryptocurrencies in itself is not malicious, but using users' browsers to mine without their permission is. Cybercriminals have seen that there is an opportunity to inject crypto-mining libraries via online advertising without a publisher’s knowledge.

How does cryptocurrency mining work?

Cryptocurrencies are 'mined' (meaning new 'coins' are created) using resource-intensive algorithms. This makes the process more and more expensive for miners in terms of hardware and electricity as more coins are mined. This is the reason why they need to hook up to many computers in order to keep mining the cryptocurrencies; one solution that miners have found is to use users' computers, without them knowing about it. Cryptocurrency mining is the process of securing transactions and committing them into the cryptocurrency public blockchain. In other words, mining consists of verifying and consolidating the cryptocurrency’s blockchain.

Who stands to benefit from cryptocurrency mining?

Any individual or organisation capable of gathering enough resources to process the operations of mining can potentially benefit from such activity. Cryptocurrencies have grown in popularity and increased in value over the last few years. In fact, Techcrunch recently reported that Bitcoin is now valued at more than USD$5,000 (£3,758) a coin, so mining can be very lucrative. Not all cryptocurrencies are mined in the same way. Bitcoin, for example, requires intensive resources from expensive and dedicated hardware, and the more transactions needed means more resources are required in order to solve these complex operations. However, some other currencies such as Monero, ZCash, Feathercoin, and Litecoin were designed to be mined on standard CPUs, allowing miners to generate revenues with these coins using more limited resources.

Why is it an issue for publishers and consumers?

Publishers monetise their audience by selling their ad inventory via ad networks. Depending on their guidelines, some ad networks will allow advertisers to distribute custom JavaScript instead of a traditional digital ad. This is potentially malicious, because the JavaScript could inject crypto-mining libraries on users’ computers every time they visit an affected website.

Additionally, for the consumer, they will be unknowingly allowing the resources of their computer to be used, along with the electricity that they are paying for to power their computer for third-party criminal mining.

How does AdSecure detect and prevent cryptocurrency mining?

AdSecure detects cryptocurrency mining by analysing and measuring the content and the resources used by landing pages linked to a specific banner ad. Once our system has detected suspicious activity, we immediately notify the ad platform and/or the publisher who is hosting the campaign, allowing them to take action against the malicious advertisers.

It seems like downloading and setting up the mining software is fairly straightforward. Is stopping the mining of cryptocurrency an impossible task?

Within the scope of our detection, that is to say when such libraries are injected or published on websites, there are a few ways to stop the mining of cryptocurrency. For ad platforms or publishers, it would consist of using an ad-verification tool like AdSecure, that will analyse their offers and detect specific violations such as crypto-mining activity. For consumers, installing an ad blocker would stop most of the execution of these types of JavaScripts, but one has to bear in mind that cybercriminals are constantly looking for new ways to bypass ad blockers.

What other types of threat is AdSecure seeing as a future trend?

Two technologies that are predicted to see massive consumer adoption are virtual reality and augmented reality. Both are in the experimental stages, with regards to ad-format technology, and could become a new exploitation gateway for cybercriminals, so that is something that AdSecure is monitoring closely.