Major Malvertising Campaign Mines Cryptocurrencies Using Users’ Browsers

Mining cryptocurrency has become even more popular over the past few months. Unfortunately, this trend has also attracted a lot of attention from cybercriminals. As a result of this growing attention by the wrong crowd, criminals have come up with some unique ways to mine cryptocurrencies using other people’s computers. This new malvertising campaign goes to show how things have devolved over just the past few weeks.

Malvertising Campaign Mines Cryptocurrency

The popularity of malvertising campaigns is on the rise. In most cases, malvertising campaigns are used to distribute malware on a very large scale. These types of malware can cause all kinds of harm, including the mining of cryptocurrency using other people’s computer resources. The latest malvertising campaign shows it is certainly possible to make this process a lot more straightforward.

Rather than tricking users into downloading cryptocurrency mining malware, this new campaign effectively hijacks users’ browsers. Using a piece of JavaScript code, the developers mine different cryptocurrencies directly through the visitor’s browser. The victim will be none the wiser in this regard, as there is no indication anything malicious is going on in the first place. Users may notice their computers responding a bit slower than normal, though.

This new malvertising campaign mainly focuses on gaming and streaming sites. That is not entirely surprising, as gamers often have decent computers with powerful graphics cards. Those GPUs can then be used by criminals to successfully mine cryptocurrency. Malicious ads were distributed through an online advertising company which allows clients to deploy custom JavaScript code. Why such a service is allowed in the first place remains a big mystery to security researchers.

The JavaScript code is a modified version of MineCrunch, a notorious script which can be used to mine cryptocurrency through the browser. MineCrunch was released back in 2014 and seems to be making a comeback in a nefarious package. By delivering ads running this JavaScript code on streaming and gaming sites, most users may not even notice the increased strain on their computer resources.

The criminals were mainly interested in Monero, ZCash, and Litecoin. Moreover, it appears the code is also capable of mining Feathercoin, although that currency has become far less valuable over the past few months. For the time being, it appears only the Monero mining feature has been used in the initial stages  That is not entirely surprising, as Monero is the most anonymous cryptocurrency in the world today.

Thankfully, most users will not see any negative repercussions from this malvertising campaign. Most ad blockers successfully prevent the execution of JavaScript code. However, if the code loads from unusual ad slots, the ad blocker will not be of much help. It will be interesting to see whether or not this malvertising campaign remains active, and if so, how much money it generates in the process.  What is certain is that this will not be the last malvertising campaign focusing on cryptocurrency mining.