Thousands of internet browsers throughout Europe and Asia have inadvertently fallen prey to cryptocurrency mining malware, as a new report from security firm TrendMicro has shown that hackers have leveraged vulnerabilities in Google’s DoubleClick ad platform to mine Monero.
CoinHive operates without the consent of a user, leaving thousands of users oblivious to the fact that they were lending portions of their CPU to assist with the hackers’ mining operations. Those who became aware of the fact might have noticed performance degradation in their device of choice.
ArsTechnica noted that the malware was further distributed through YouTube, wherein Google deploys ads hosted through DoubleClick.
TrendMicro elaborated on the hackers’ use of malware, describing that:
“The affected webpage will show the legitimate advertisement while the two web miners covertly perform their task. We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices.”
The firm confirmed, however, that in the wake of Google’s discovery that DoubleClick was being leveraged to proliferate malware, that traffic involving the use cryptocurrency miners had since decreased after January 24.
Moves to disrupt non-consensual mining
Opera recently announced that it has moved to add cryptocurrency mining protection as a standard feature across all its mobile browsing platforms.
The firm’s new anti-cryptocurrency mining feature will now be activated by default on both Opera Mini and Opera for Android, giving its users some piece of mind while browsing the web.
It remains to be seen what move Google may take to refine DoubleClick in the wake of its malware delivery.
Malware that propagates non-consensual cryptocurrency mining is estimated to affect over one billion users around the world, while some three million websites are further predicted to have been exposed to ‘cryptojacking’-scripts.
Have your say!
How could websites safeguard their users against non-consensual cryptocurrency mining? Be sure to let us know your opinion on Twitter: @coininsidercom!