Websites and publishers need to be prepared for cryptocurrency miners slipping into ads on their sites, according to Israeli adtech firm Spotad.
The company, which operates an AI-powered advertising platform for purchasing media space, recently discovered cryptocurrency mining activity on its network, a development the company claims is becoming part of wider trend.
According to co-founder Yoav Oz, the agency responsible for the ad was unaware of the code that was embedded inside. The name of the agency or the subject of the ad has not been disclosed.
"Look at what's happening today around this entire cryptocurrency world, you see how much money is involved, you see the volume picking up week by week," added Tomer Horev, chief strategy officer, who led the team that discovered the code.
He told CoinDesk:
Oz and Horev explained that Spotad's AI system regularly monitors for irregularities in ads and is now being trained at spotting cryptocurrency mining scripts.
Some of the key signals include a lack of click or behavior patterns typically seen in legitimate ads. "It was showing a different kind of behavior where users were not clicking much, there was no engagement on the ad. That’s where we got the signals out of our system," said Horev.
Why monero though? The cryptocurrency is currently trading at around the $440 mark while bitcoin is having its bumper year, topping $18,000. According to Oz and Horev, it’s simply easier to mine surreptitiously.
"This type of cryptocurrency has value harvesting through low end devices," he continued.
This week Russian cybersecurity firm publicized a piece of Android malware called Loapi that is spread through ad campaigns and app stores, which can mine for monero even with low-powered processors.
Cryptocurrency miners have become a controversial topic after torrent site The Pirate Bay tested out a monero mining code that it claimed it was testing as an alternative to advertising. Even sites from TV network Showtime and MMA organization UFC had run code from CoinHive, which makes this type of script for mining monero. In these cases, users were not immediately aware that their CPUs were being put to work mining for cryptocurrency.
Symantec published a report this week that stated there is now a cryptocurrency miner “arms race” under way as more cybercriminals seek ways to cash in on the cryptocurrency buzz, whether it’s monero or other coins like zcash or ether.
Time to act
Per the Symantec report, publishers and website owners need to be vigilant with the integrity of their websites’ source and be wary of any injections that may be miner scripts. Online publications typically use tools to detect fraudulent activity or inappropriate traffic on their sites.
These tools will need to evolve to consider miners, added Horev.
"I think here requires a different type of fraud detection that when something happens on the device itself and not on the publisher website. I’m not sure that this type of technology is yet to be introduced in fraud detection tools but I believe it’s just a matter of time," he said.
For regular users, the tell-tale signs are a little easier to spot as the CPU will run at 100% and the responsiveness of the site in question, and even the entire device, will slow down. Some antivirus and security software vendors have moved to block scripts suspected of being miners.
"The motivation is out there [to mine]," said Horev. "It’s time for more action to be taken and fraud and detection tools to get into the game."
Crypto malware via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.