The attackers targeted Google’s DoubleClick, which provides internet ad-serving services, for distribution, Trend Micro reported on its security intelligence blog. The malvertisements also used a separate web miner that connects to a private pool.
Trend Micro has reported its findings about the campaign to Google. The campaign affected Japan, France, Taiwan, Italy and Spain.
Trend Micro noticed a rise in traffic to five malicious domains on Jan. 18, and on Jan. 24 it found a nearly 285% jump in the number of Coinhive miners. The traffic came from DoubleClick advertisements.
Two different web miner scripts were embedded, along with a script displaying the advertisements from DoubleClick. The attacked web page displayed the legitimate advertisement while the two web miners conducted their covert tasks.
The use of the advertisements on legitimate websites is believed to be a ploy to attack a greater number of users.
The traffic connected to these miners declined after Jan. 24.
Trend Micro Smart Protection Suites and Worry-Free Business Security protect businesses and users from threats by blocking malicious files and related URLs.
Trend Micro Protection Suites provide capabilities such as behavior monitoring, web reputation services, high-fidelity machine learning and application control to reduce the impact of such cryptocurrency miners and other threats.
Last modified: January 24, 2020 11:16 PM UTC