How cryptojackers maliciously worm their way into ads to turn your computer into their mining zombie · 2018-01-09 20:37 by Ben Williams
Cryptocurrency’s fire right now. You probably own some. Hell, your grandmother’s probably got some Ethereum stockpiled to leave your grandpa with.
As it grew in popularity, it was pretty much inevitable that people would start to game some aspect of it. The first scam came from websites that tried to cryptojack your computer to mine for them directly. Like ye olde Pirate Bay, which enlisted your computer’s CPU to power its crypto mines, so they wouldn’t have to rely on ads. Some people didn’t want their CPU being treated like that. So we told you about this back in September and provided instructions on how to avoid getting cryptojacked when you visit a website.
Betcha wouldn’t have guessed that something rotten like this would seep into the pristine waters of online ads, did ye? Well, recently CoinDesk reported that cryptocurrency mining is being performed directly from ads. Whereas before it was the website itself that was mining, now it’s an infected ad … which could turn up on any ad network, then show up on any site – unbeknownst to the network, the site … and you. In this case it was an advertising platform called Spotad, which spotted some suspicious activity on its network that turned out to be an ad that would force your computer to mine crypto for it.
Basically, if you interacted with the ad, your computer would start mining for a boss you’ll never see and who’ll never pay you … but who sucks the CPU out of your computer for its mining habit. PC Magazine even warned about this problem back in September, saying the practice was mainly isolated to Russian-speaking ad networks. Seems it’s on the move.
Really, it works just like malvertising, when ads stuffed with malvertising sneak onto legitimate ad networks. It’s just that now the ads will be sucking your CPU for sweet crypto.
The good news: since you’re reading this blog, you’re probably safe. You’re likely blocking ads and therefore keeping out the cryptojackers who have learned to disguise themselves as ads. Best tell Grandma though … err, wait, if she owns all that crypto, she’s probably been blocking ads since ’06 … Maybe it’s time to have a chat with Grandpa?