Home / News & Analysis / New Malicious Ads Mine Cryptocurrency in Your Browser

New Malicious Ads Mine Cryptocurrency in Your Browser

The ultimate goal of malware writers and distributors is to make money. The easier it is to do that the better, and if it's possible without having to hack and infect PCs, all the better. And it looks as though cybercriminals have figured out how to do just that through a combination of JavaScript and cryptocurrency mining.

Security vendor ESET discovered this new technique in some JavaScript files. What the cybercriminals do is buy traffic from an advertising network and use that to distribute the malicious adverts (known as malvertising). The JavaScript they contain utilizes the victim's computer resources to mine cryptocurrency. This slows down their system due to the extra load, which the user is sure to notice. However, the adverts are targeted at video streaming and in-browser gaming websites, so the user will expect a performance hit and therefore overlook the sudden slow down (that's the theory, anyway).

Another advantage of displaying these adverts on video and gaming sites is there's a much greater chance a user will keep the site open for longer. That translates into more time to mine and more cryptocurrency for the cybercriminals.

Popular cryptocurrencies such as Bitcoin require dedicated hardware to make mining worthwhile, and therefore isn't appropriate for this malvertising setup. Instead, ESET lists ZCash, Feathercoin, Litecoin, and Monero as the focus.

Related

So far the countries targeted by these malicious adverts include Russia, Ukraine, Belarus, Kazakhstan, and Moldova, with Russia being the main target. The adverts seem likely to spread further afield and head west, though, due to the potential to tap millions more PCs and generate more cryptocurrency.

ESET named the malicious scripts as JS/CoinMiner.A and offers protection to ESET security suite users through Potentially UnSafe Apps detections. For everyone else, the company recommends using a well-configured script or ad blocker to stop the JavaScript miners from running.

Read more

Check Also

PwC staves off disruption with immersive emerging tech training

The big accounting firms are under pressure from digital disruption just like every industry these days, but PwC is trying a proactive approach with a digital accelerator program designed to train employees for the next generation of jobs. To do this, PwC is not just providing some additional training resources and calling it a day. They are allowing employees to take 18 months to two years to completely immerse themselves in learning about a new area. This involves spending half their time on training for their new skill development and half putting that new knowledge to work with clients. PwC’s Sarah McEneaney, digital talent leader at PwC was put in charge of the program. She said that as a consulting organization, it was important to really focus on the providing a new set of skills for the entire group of employees. That would take a serious commitment, concentrating on a set of emerging technologies. They decided to focus on data and analytics, automation and robotics and AI and machine learning. Ray Wang, who is founder and principal analyst at Constellation Research says this is part of a broader trend around preparing employees inside large organizations for future skills. “Almost every organization around the world is worried about the growing skills gap inside their organizations. Reskilling, continuous learning and hand-on training are back in vogue with the improved economy and war for talent,” he said. PwC program takes shape About a year ago the company began designing the program and decided to open it up to everyone in the company from the consulting staff to the support staff with goal of eventually providing a new set of skills across the entire organization of 50,000 employees. As you would expect with a large organization, that started with baby steps. Graphic: Duncan_Andison/Getty Images The company designed the new program as a self-nomination process, rather than having management picked candidates. They wanted self starters, and about 3500 applied. McEneaney considered this a good number, especially since PwC tends to be a risk-averse culture and this was asking employees to leave the normal growth track and take a chance with this new program. Out of the 3500 who applied, they did an initial pilot with 1000 people. She estimates if a majority of the company’s employees eventually opt in to this retraining regimen, it could cost some serious cash, around $100 million. That’s not an insignificant sum, even for a large company like PwC, but McEneaney believes it should pay for itself fairly quickly. As she put it, customers will respect the fact that the company is modernizing and looking at more efficient ways to do the work they are doing today. Making it happen Daniel Krogen, a risk assurance associate at PwC decided to go on the data and analytics track. While he welcomed getting new skills from his company, he admits he was nervous going this route at first because of the typical way his industry has worked in the past. “In the accounting industry you come in and have a track and everyone follows the track. I was worried doing something unique could hinder me if I wasn’t following track,” he said. Graphic: Feodora Chiosea/Getty Images He says those fears were alleviated by senior management encouraging people to join this program and giving participants assurances that they would not be penalized. “The firm is dedicated to pushing this and having how we differentiate this against the industry, and we want to invest in all of our staff and push everyone through this,” Krogen said. McEneaney says she’s a partner at the firm, but it took a change management sell to the executive team and really getting them to look at it as a long-term investment in the future of the business. “I would say a critical factor in the early success of the program has been having buy-in from our senior partner, our CEO and all of his team from the very start,” She reports directly to this team and sees their support and backing as critical to the early success of the program. Getting real Members of the program are given a 3-day orientation. After that they follow a self-directed course work. They are encouraged to work together with other people in the program, and this is especially important since people will bring a range of skills to the subject matter from absolute beginners to those with more advanced understanding. People can meet in an office if they are in the same area or a coffee shop or in an online meeting as they prefer. Each member of the program participates in a Udacity nano-degree program, learning a new set of skills related to whatever technology speciality they have chosen. “We have a pretty flexible culture here…and we trust our people to work in ways that work for them and work together in ways that work for them,” McEneaney explained. The initial program was presented as a 12-18 month digital accelerator tour of duty, Krogen said. “In those 12-18 months, we are dedicated to this program. We could choose another stint or go back to client work and bring those skills to client services that we previously provided.” While this program is really just getting off the ground, it’s a step toward acknowledging the changing face of business and technology. Companies like PwC need to be proactive in terms of preparing their own employees for the next generation of jobs, and that’s something every organization should be considering.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Disclaimer: Trading in bitcoins or other digital currencies carries a high level of risk and can result in the total loss of the invested capital. theonlinetech.org does not provide investment advice, but only reflects its own opinion. Please ensure that if you trade or invest in bitcoins or other digital currencies (for example, investing in cloud mining services) you fully understand the risks involved! Please also note that some external links are affiliate links.