Malvertising and Embedded Code Mines Cryptocurrency in Web Browsers

Researchers at ESET recently discovered a profit-motivated malvertising campaign that performs cryptocurrency mining within the space reserved for advertisements on various websites. The threat actors behind this campaign purchase space on an online advertising network and use it to execute JavaScript within the browsers of unsuspecting website visitors. The JavaScript then uses the system’s CPU to conduct the mining operation unbeknownst to the visitor, resulting in excessive CPU consumption and reducing or eliminating processing power needed for other system tasks. Additionally, the NJCCIC detected a number of compromised and fraudulent websites containing embedded cryptocurrency-mining Javascript code. Two examples of these types of these embedded miners include CoinHive and JSEcoin. In 2015, the New Jersey Division of Consumer Affairs issued a Consent Order declaring that the use of code on websites designed to utilize visitors’ systems to mine cryptocurrency without their knowledge or consent is equivalent to gaining unauthorized access to a person’s computer system. The NJCCIC recommends users consider installing a reputable ad-blocking and/or script-blocking extension in their browsers. In addition, a browser extension specifically created to block cryptocurrency mining elements in websites – called No Coin – is currently available for Chrome users. The NJCCIC recommends exercising caution when installing browser extensions and encourages thoroughly researching the developer and the activity conducted by the extension prior to installation. If your system has already been impacted by this threat, block the offending website(s), close the web browser, and perform a system reboot to ensure that all associated mining operations have ceased.