Ars Technica reports that attackers are using Google’s DoubleClick ad platform to display ads that contain a malicious element to mine cryptocurrency.
What is crypto mining?
Cryptocurrencies, such as Bitcoin and Etherium, are digital currencies that use cryptography to secure transactions, verify transfers, and to control the creation of new units of the currency.
Cryptocurrencies do not have a central controlling entity such as a governmental treasury department. Instead, control is decentralized into blocks. Each block contains a timestamp, transaction data, and a link to a preceding (older) block. When a series of blocks are linked together, that is a blockchain. You can think of a blockchain as a public ledger of all the transactions for a given cryptocurrency, with the data stored in multiple locations across a wide network instead of just one single node.
Since there is no central controlling entity, there needs to be a way to collect transactions into blocks. That’s where the miners come in. They create these blocks and every time their block is added to the chain, they are paid with the cryptocurrency they are mining. The process of crypto mining is designed to be computationally intensive so the cryptocurrency is not devalued by the miners. As you can imagine, there is a lot of competition between miners and on top of that, the number of miners is continuously growing.
Think of it like this. You have a huge jar full of jellybeans and thousands of people trying to guess the number of jellybeans in the jar. Each person can make as many guesses as they want so the person who is able to make guesses faster has a better chance of making the correct guess.
Cryptojacking
In the past, it was possible for one person to do crypto mining with just a regular PC. Now there are companies with data centers full of high-end computing gear that do nothing but generate guesses and wait for the jar with the right number of jellybeans to come along. Most individuals can’t afford the computer hardware or even the electricity that is required to power such an operation. So instead, they turn to the World Wide Web.
There are websites that have crypto mining instructions built-in to them so that when you visit one, it uses your computer to do the mining. You’re paying the bill and the owners of the website get to keep the profit. One of the first examples of this is the CoinHive program that ran when you visited Pirate Bay. Since then, more mining programs have been created and lots of other websites that are using them.
Now, attackers have created ads containing the CoinHive cryptojacking program and are using Google’s DoubleClick ad system to display these malicious ads on YouTube. Google was quick to say how good they are at catching ads that violate their policies but evidence indicates these ads ran for as long as a week.
How to protect yourself
There are some things you can do. First and foremost, use a good anti-virus/anti-malware program and make sure you have the current updates installed. Most AV programs will give you a warning if a website is hosting a cryptojacking program.
Another way to prevent cryptojacking software from using your computer is to block JavaScript applications from running in your web browser. Firefox and Chrome have add-ons that will accomplish this. Safari has JavaScript disabled by default so unless you’ve gone into the settings and enabled it, you don’t need to do anything.
A third thing you can do is block ads. The downside to this is that there are a lot of good websites that rely on ad revenue to keep running and to provide information and services free of charge. My recommendation is to use ad blockers judiciously and rely primarily on your anti-malware software.
About IronSocket