Malvertising campaign delivers cryptocurrency miners

Cyber criminals are abusing Google’s DoubleClick service to deliver a Coinhive cryptocurrency miner as part of a malicious campaign.

According to the Trend Micro report, detections have nearly tripled (up 285%) on January 24th of this week. Nearly a week earlier on January 18, an increase of traffic to five malicious domains was also observed. 

The malicious advertisements were found on high-traffic sites (from Japan, France, Taiwan, Italy, and Spain) and used Coinhive as well as a separate miner.

Trend Micro also noticed pages infected with the malvertisements included two different embedded miner scripts, as well as another one that displays the advertisement from DoubleClick. 

Leave a Reply