Trend Micro, a company that provides security software, hardware and services, recently reported that Google's popular DoubleClick service has been targeted by code that mines the Monero cryptocurrency. The attacks were noticed between January 18th and 24th, and the countries affected were Japan, France, Taiwan, Italy, and Spain.
A subsidiary of Google, DoubleClick develops and provides ad serving services on the Internet. Its clients are the agencies, marketers and publishers that serve prominent businesses like Microsoft, Apple, Visa, and Nike. DoubleClick's products are designed for advertisers and publishers: they automate the administrative effort in the ad buying cycle and the management of ad inventory for publishers. DoubleClick targets users for advertising by collecting information such as IP address and browser from the cookies on their machines.
Cryptocurrency mining is a complex, resource-intensive, and competitive process. A combination of specially designed hardware, special-purpose software, and their users is called a "miner". A miner succeeds when he creates a new block in the blockchain underlying the cryptocurrency in question, and receives a small fraction of the cryptocurrency as a reward for doing so. Since miners are rewarded in this way for creating new blocks, the process is highly competitive. To create a new block, a miner has to solve a cryptographic puzzle, essentially by executing massive number-crunching operations very fast, in a competitive environment. This is why the software is typically very powerful, and the hardware also has to be powerful enough to support the software. Miners often use Graphics Processing Units (GPUs) along with the Central Processing Unit (CPU) of the computer.
While the early adopters of cryptocurrency mining had a good return on investment (RoI), the RoI diminishes over time as the environment becomes increasingly competitive. There is usually also a cap on the maximum number of units of a cryptocurrency, for example 21 million for Bitcoin, so the RoI from mining will diminish further in the future. The economics of mining are such that unscrupulous miners will want to grab other people's computing power to mine cryptocurrencies, since doing so gives them access to more computing power and increases their chances of creating a new block. Because cryptocurrency mining code is highly resource-intensive, it can slow down the computer or even damage it. For a user who is not into cryptocurrency mining, having her computer hijacked by miners can be very irritating, and potentially damaging.
There have been numerous instances of cryptocurrency miners being injected into the computers of unsuspecting users via online games and websites, for example:
- A player of the popular online game Fortnite injected Bitcoin mining code into other players' computers.
- On December 2nd 2017, an American, Noah Dinkin, visited a Starbucks coffee shop in Buenos Aires while travelling to Argentina. When he tried to connect his laptop to the Wi-Fi in the shop, he observed a 10-second delay. Upon investigation, he found cryptocurrency miner code injected into his laptop, which was later identified as a Monero mining script.
In the DoubleClick incident, when users clicked the ads, the following happened:
- A script displayed the advertisement, as the user would normally expect;
- The advertisement contained JavaScript code that generated a random number between 1 and 100;
- When the random number was greater than 10, the script alerted CoinHive, a Monero cryptocurrency mining service, to utilize 80% of the user's CPU for mining Monero. This would occur 90% of the time.
- In the remaining 10% of occurrences, a private web miner was launched that connected to a private pool.
- Together, the mining scripts would use 80% of the user's CPU for Monero cryptocurrency mining, without the user, or the advertiser, knowing anything about it.
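The 80% cap described above matters for detection: a throttled miner never pegs the CPU, so an alert that waits for near-100% load stays silent. The following added example (not from Trend Micro's report or the original article) flags tabs by a sustained, low-jitter plateau instead; the per-tab samples, tab names and thresholds are constructed assumptions.

```javascript
// Added example: flag browser tabs whose CPU use sits on a steady plateau.
// Sample data and thresholds below are constructed for illustration.

// Return the longest run of consecutive samples at or above minPct.
function longestRun(samples, minPct) {
  let best = { start: -1, length: 0 };
  let start = -1;
  samples.forEach((pct, i) => {
    if (pct >= minPct) {
      if (start < 0) start = i;
      const length = i - start + 1;
      if (length > best.length) best = { start, length };
    } else {
      start = -1;
    }
  });
  return best;
}

// Population standard deviation of a list of readings.
function stddev(values) {
  const mean = values.reduce((a, b) => a + b, 0) / values.length;
  const variance = values.reduce((a, v) => a + (v - mean) ** 2, 0) / values.length;
  return Math.sqrt(variance);
}

// A tab is suspect when CPU stays >= minPct for minSeconds with little jitter.
function findSuspectTabs(tabs, { minPct = 70, minSeconds = 20, maxJitter = 5 } = {}) {
  return Object.entries(tabs)
    .filter(([, samples]) => {
      const run = longestRun(samples, minPct);
      if (run.length < minSeconds) return false;
      return stddev(samples.slice(run.start, run.start + run.length)) <= maxJitter;
    })
    .map(([name]) => name);
}

// A naive alert that only fires on a pegged CPU (>= 95% for 20 s).
function naiveAlert(tabs, pct = 95, seconds = 20) {
  return Object.keys(tabs).filter((n) => longestRun(tabs[n], pct).length >= seconds);
}

// Constructed one-sample-per-second CPU readings (percent) for three tabs.
const SAMPLE_TABS = {
  "news-with-ad": Array.from({ length: 30 }, (_, i) => 78 + (i % 5)), // flat, near 80%
  "video-player": Array.from({ length: 30 }, (_, i) => (i % 2 ? 95 : 40)), // bursty
  "text-editor": Array.from({ length: 30 }, () => 3), // idle
};
```

On the constructed data, `findSuspectTabs(SAMPLE_TABS)` returns only the tab with the flat plateau, while `naiveAlert(SAMPLE_TABS)` returns nothing.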
People and companies are becoming increasingly aware of this unethical practice of hijacking other people's computers for cryptocurrency mining, and they have started to take action. For example:
- Epic Games sued the player who had distributed Bitcoin mining code to unsuspecting players of Fortnite.
- Malwarebytes has banned the CoinHive service, which distributes miner code that a website owner can deploy on a site using JavaScript, so that unsuspecting visitors to the website have miner code running on their machines.
Companies specializing in cyber security, for example Trend Micro, recommend keeping one's computer up to date by regularly updating and patching its software, especially web browsers. Some experts recommend disabling JavaScript, which may not always be practical, since most websites use JavaScript and disabling it will impact functionality.