Coinhive miners emerged and became widely used in late 2017, and since then the public reaction to them has not been positive. Although Coinhive is meant to give website owners a way to make money without displaying advertisements, more and more cases of malicious parties using the miner are being recorded. Last year, the miner was employed by the creators of a tech-support scam and the SafeBrowse extension. It was also found running on WordPress and Magento sites, as well as on showtime.com and showtimeanytime.com. There is a full report explaining how exactly malicious parties can exploit Coinhive. This time, the suspicious miner has been linked to Google’s DoubleClick service.
A miner is a tool that uses a system’s CPU resources for the sole purpose of mining cryptocurrency. This action creates virtual money out of thin air, and that is why both harmless and malicious parties are interested in it. Coinhive offers to mine Monero, which is comparable to Bitcoin, the most popular cryptocurrency in the world. According to the report by Trend Micro, detections of the miner increased by 285% when attackers were found exploiting Google’s DoubleClick service. The uncovered malvertising campaign used not only Coinhive but also another miner that connects to a private pool. The attacker used two miner scripts and a script to show a DoubleClick ad. Although the advertisement is legitimate, the two embedded miners use the system’s processing power to mine Monero.
Users might realize that the sites they visit or the ads they see are being used for Monero mining by Coinhive because of unusually high CPU usage. It is easy to check the CPU usage via the Task Manager’s Performance menu. If the number is at 80% or above, there is a strong possibility that a miner is active. On the other hand, this could be a sign of malware too. In this case, of course, the user must scan their operating system to check for malware and, if it exists, delete it as soon as possible. When it comes to miners, extensions are being offered for blocking them, but those are dubious. However, it is a great idea to install a trustworthy ad-blocker because it not only disables ads but also stops miners that rely on them.
Chen, J. C. and Liu, C. January 26, 2018. Malvertising Campaign Abuses Google’s DoubleClick to Deliver Cryptocurrency Miners. Trend Micro.
Sulleyman, A. January 30, 2018. Malicious YouTube Ads Secretly Slowed Down Computers and Earned Bitcoin Alternative Monero For Attackers. Independent.