Skip to main content
  1. Home
  2. Computing
  3. News

Is your browser mining bitcoin? ‘Malvertisements’ are hijacking Google Ads

By

google ads cryptocurrency malware hong kong lifestyle bitcoin
Philippe Lopez/AFP/Getty Images
As if invasive ads weren’t bad enough, Trend Micro uncovered a particularly sinister batch of ‘malvertisements’ that aim to exploit Google’s DoubleClick ad service to serve you ads containing hidden cryptocurrency mining software.

“Attackers abused Google’s DoubleClick, which develops and provides internet ad serving services, for traffic distribution. Data from the Trend Micro Smart Protection Network shows affected countries include Japan, France, Taiwan, Italy, and Spain. We have already disclosed our findings to Google,” Trend Micro reports.

Recommended Videos

As malware goes, it’s actually pretty clever — if also sinister and awful. It operates two separate scripts, one a coinhive cryptocurrency miner, the other a private web miner. Which one it will use is determined by a random number generator. When either one kicks in, it would use 80 percent of the affected computer’s CPU resources for the purposes of mining cryptocurrency.

Related

“The affected webpage will show the legitimate advertisement while the two web miners covertly perform their task. We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices,” Trend Micro reports.

Trend Micro goes on to report that the number of incidents of these malvertisements has gone down since January 24, so we might be in the clear. Still, it might be a good idea to make sure your security apps are all up to date — and make sure your browser has its latest security patches. Chances are Google will get the exploit under control quickly, but there are some countermeasures you can implement in the meantime.

“Blocking JavaScript-based applications from running on browsers can prevent coinhive miners from using CPU resources. Regularly patching and updating software — especially web browsers –can mitigate the impact of cryptocurrency malware and other threats that exploit system vulnerabilities,” Trend Micro recommends.

All right, so how can you protect yourselves from this exploit while Google gets it sorted out? Turns out there are a couple things you can do. First, make sure your browser is up to date. You can do that by heading to your preferences and checking for updates in most modern browsers like Chrome and Firefox. Second, run an adblocker on any site that you feel a little uncomfortable about. Lastly, you can always disable JavaScript entirely, but doing so will break a lot of websites and it’s only a good idea if you’re very worried about your security.

Editors’ Recommendations

Topics
Jayce Wagner
Jayce Wagner
Former Digital Trends Contributor
A staff writer for the Computing section, Jayce covers a little bit of everything -- hardware, gaming, and occasionally VR.
Get paid in cryptocurrency for viewing ads in the new Brave browser
earn cryptocurrency in brave browser blocks google

Brave Software officially launched version 1.0 of its Brave web browser on Wednesday, November 13. The first version launched in January 2016 and has since gained more than 2.8 million active users daily and eight million active users monthly. It’s based on Google’s Chromium browser and relies on Basic Attention Tokens (BAT) to generate revenue.

The idea behind Brave’s BAT system is to reward content creators using cryptocurrency. It doesn’t generate virtual coins in the background, but rather provides means for readers to tip 300,000 participating Brave Certified Publishers. These include The Washington Post, The Guardian, MarketWatch, and more.

Read more
Update your Google Chrome browser now: New exploit could leave you open to hacks
Google Chrome Stock Photo

If you’re a Google Chrome user, you should update the browser immediately. Google released a software update to the browser late yesterday evening that patches two zero-day vulnerabilities to the browser that could potentially allow the browser to be hijacked by hackers.
One of the vulnerabilities affects Chrome’s audio component (CVE-2019-13720) while the other resides in the PDFium (CVE-2019-13721) library.
Hackers can corrupt or modify the data in Chrome’s memory using the exploit, which will eventually give them access to the computer as a whole.
One of the exploits, CVE-2019-13720 has been discovered in the wild by researchers at Kaspersky.
Google says that the update to the browser will be rolling out to users automatically over the coming days and weeks.
That said, if you’re a Chrome user it would be more prudent for you to go ahead and do that update manually right now instead.
To make it happen you’ll want to launch Chrome on your computer and then click on “Chrome” in the menu bar followed by “About Chrome.” That will launch the Settings menu. From there,  click “About Chrome” at the bottom of the menu on the left. That will likely trigger an automatic update if yours hasn’t already happened. If it doesn’t, you’ll see a button to manually update the browser as well.
Once you update the browser you should be good to go without fear of the security threat becoming an issue. Last month many Mac users ran into issues with Google Chrome when it seemed to send computers into an endless reboot cycle.
An investigation by Mac enterprise and IT blog Mr. Macintosh found that the issue was actually a bug that deletes the symlink at the/var path on the Mac it’s running on, which essentially deletes a key in the MacOS system file.
That issue only impacted Macs where the System Integrity Protection (SIP) had been disabled. The issue particularly impacted older Macs that were made before SIP was introduced with OS X El Capitan in 2015.
All this comes as Google is gearing up to launch some major updates to Chrome, including one update that will change how you manage tabs using the browser. That update is expected to roll out later this year.

Read more
Trying to buy a GPU in 2023 almost makes me miss the shortage
Two AMD Radeon RX 7000 graphics cards on a pink surface.

The days of the GPU shortage are long over, but somehow, buying a GPU is harder than ever -- and that sentiment has very little to do with stock levels. It's just that there are no obvious candidates when shopping anymore.

In a generation where no single GPU stands out as the single best graphics card, it's hard to jump on board with the latest from AMD and Nvidia. I don't want to see another GPU shortage, but the state of the graphics card market is far from where it should be.
This generation is all over the place

Read more