image post

Cryptojacking and Ads that mine with your CPU

author image

Marketing Specialist

Last updated October 15, 2021

Considering how much Bitcoin is worth, it is no surprise that the bad actors are plaguing the cryptocurrency world with their hacking and scams. Cryptojacking is just another tactic these hackers use in order to make a profit, exploiting unsuspecting internet users.

One of the most common approaches to cryptojacking is to inject scripts through infected ads and websites in the visitors’ computers or browsers. And unfortunately, this phenomenon negatively impacts the whole digital advertising industry, including crypto advertising

The audience gets a lot more suspicious regarding ads, and advertisers might mistakenly get associated with the source of the infection.

To avoid all these problems related to cryptojacking, let’s take a minute and understand what it is, how it works, and how to prevent it. 

What is cryptojacking?

What is cryptojacking

Cryptojacking is a tactic practiced by hackers to use computers unauthorizedly in order to mine cryptocurrency.

With this tactic, the attacker is looking to collect computational power from a vast network of computers to run the same operations a mining rig would.

By doing so, the hacker is avoiding the cost of building and maintaining a competitive mining rig, as well as diminishing the risks he’s exposed to while obtaining cryptocurrencies from proof-of-work mining protocols.

In a way, cryptojacking is safer for the hacker because he doesn’t have to interact with the victim and, ironically, safer for the victim because it does not necessarily damage the equipment.

How it works?

The base concept behind cryptojacking is the script running as a background process in order to mine cryptocurrency for the attacker.

The method of infection is the one that varies mainly. And although they change and evolve, the most popular cryptojacking uses are through:

  • Popular pirated and cracked games;
  • Unofficial browser extensions or fake copies of popular extensions;
  • A malicious link sent through email that loads crypto mining code on the victim’s computer;
  • Infecting a website with javascript code that auto-executes once loaded on the victim’s browser;
  • Deploying online ads infected with javascript code that auto-execute once loaded on the victim’s browser.

In the end, it is a type of malware, and unfortunately, it is quite hard to trace. But on the bright side, cryptojacking malware doesn’t directly damage the equipment it attacks or the victims’ data.

They only steal CPU processing power which slows down performance. However, don’t treat it lightly because long-term overclocking and overheating can ultimately damage your computer.

Ads mining crypto with your CPU

Ads mining crypto with your CPU

Cryptojacking with ads is a real threat to the online advertising industry because it hurts all parties involved.

As mentioned before, an online ad can be infected with javascript code that auto-executes once loaded on the victim’s browser.

Once the malware is found, not only the victim suffers, but it may also hurt the advertiser’s brand, the website that deployed the ad, and the ad network’s reputation. 

Some advertisers are inclined to think that an ad can get infected only on small websites with custom deals and that they are safe on big ads networks. And in the same way, internet users might think that big websites are safe.

Unfortunately, that’s not the case. In 2018 Ars Tehnica reported that YouTube was caught displaying ads that secretly drain off visitors’ CPUs and electricity to generate digital currency on behalf of anonymous attackers. Apparently, the attackers were abusing Google’s DoubleClick ad platform to display ads infected with web miners to YouTube visitors in several countries, including Japan, France, Taiwan, Italy, and Spain.

The advertising employed publicly available JavaScript offered by Coinhive and private mining JavaScript code to take 80% of a visitor’s CPU during the visit, leaving just enough resources for the computer to run.

Coinzilla DOES NOT condone cryptojacking

Coinzilla DOES NOT condone cryptojacking

As a cryptocurrency advertising industry leader, Coinzilla puts great emphasis on security. 

Therefore, besides checking thoroughly the projects we advertise and the ads they wish to display, we make sure that our publishers are as clean as possible. 

Just as every publisher goes through an in-depth verification, so do our publishers. 

We make sure that our network of +650 websites and apps comprises publishers with a crypto audience with quality traffic and safe to use for internet users.

Preventing cryptojacking

Whether or not you are dealing with cryptocurrency, take steps to prevent cryptojacking before it happens to you. 

To make sure you are not a victim of such an attack, you can:

  • Learn to spot phishing emails and messages from senders you do not recognize. Avoid clicking on any suspicious links and double-check even the senders you know.
  • Block javascript in your browser. 
  • Use antiviruses and officially licensed software.
  • Use privacy-focused internet browsers such as Brave.

And if you suspect you may already be a victim of cryptojacking, try monitoring your resources and processes to find anomalies.

Key takeaways

  • Cryptojacking is a tactic employed by hackers to use computers unauthorizedly in order to mine cryptocurrency.
  • Cryptojacking malware can be deployed through popular pirated and cracked games, unofficial browser extensions, fake copies of popular extensions, malicious links sent through email, websites, and ads infected with javascript codes that auto-executes once loaded on the victim’s browser.
  • In 2018, YouTube was caught displaying ads that secretly drained off visitors’ CPUs and electricity to generate digital currency on behalf of anonymous attackers.
  • Coinzilla does not condone cryptojacking and emphasizes users’ security by thoroughly checking the deployed campaigns and the websites within the publisher network.
  • You can prevent cryptojacking by spotting phishing emails and messages, avoiding clicking on suspicious links, blocking javascript in your browser, using antiviruses and officially licensed software, and using privacy-focused internet browsers such as Brave.
2
Copy link
Powered by Social Snap