In an era of ever-more-sophisticated hackers and cyberattacks, there’s a new type of malware to look out for: crypto-mining Javascript malware embedded in advertisements. These cyberattacks are targeting unsuspecting users who visit pages with affected advertisements. There is virtually no way to know if the rogue ad contains the JavaScript malware that will use your computer’s CPU cycles to “mine” for bitcoins. without examining the code being served. By the time you find out, the hack could have already consumed your CPU load, strained your computer, and infected your web server (thus affecting your customers and users). Here’s how to keep your site safe from this latest form of digital hijacking.
What You Need to Know About Crypto-Mining Advertisement Attacks
Crypto-mining advertisement attacks center on cryptocurrency, or digital currency that uses encryption techniques to regulate currency generation and to verify funds from a central bank. There is a form of cryptocurrency known as Monero that serves as the centerpiece of this latest type of hijacking. According to cyberattack researchers, there are currently thousands of websites that contain rogue advertisements, as well as incidents that are targeting millions of Android users. The advertisements act as doorways to launch these malicious crypto-mining attacks. Here’s how a typical attack works:
- Site visit. You visit a website that, unbeknownst to you, is running outdated software with security risks that have given control to cyberattackers. Known infected sites have included Subaru.com.au, Browsealoud, Telegram’s messaging app, and several Google ads. An advertisement on the site that seems harmless actually contains JavaScript malware.
- Script attachment. Once you visit the site, hackers use their access to the vulnerable website to add code that secretly harnesses your computer’s CPUs and electricity via your web browser. Researchers note that about 80% of these crypto-mining attacks also use malware that can swipe your credit card details, and some can infect your web server.
- Draining of resources. Hackers use your CPUs to generate, or “crypto-mine,” Monero. They reap the benefits of your electricity and hardware while you suffer the consequences. Even after you exit the browser, the malware clings to your system. One attacker has made at least $226,000 worth of Monero coins with this cyberattack.
These crypto-mining attacks are happening worldwide, with no signs of slowing down since their discovery late last year. Multiple attackers are launching malicious campaigns, leveraging the vulnerability of people’s outdated websites to attach malware to advertisements.
How to Stay Safe From Crypto Miners
The reason crypto-mining advertisement attacks have become so rampant is that anyone with even basic scripting skills can become a cybercoin miner, taking down users with WebLogic/PeopleSoft servers due to a proof-of-concept exploit of an update Oracle debuted last December. The exploit makes it easy to scan for people with vulnerable websites and systems – highlighting them in a matter of minutes. Hundreds of crypto-mining victims have allegedly been users with systems on Amazon Web Services’ public cloud, Oracle’s public cloud, and similar cloud services. Anyone with an exposed server could become a victim of this type of malware attack and many others, with no end in sight.
Luckily, there are actions you can take to prevent a hacker from turning your business’s website into a miners goldmine. Enhancing your site’s security will not only protect your business from this energy-draining cyberattack, but it will also keep your users and customers safe – saving your website from the growing “do-not-visit” list thanks to this most recent invisible attack. The key to keeping the hijackers away is to eliminate any cybersecurity vulnerabilities on your website that could invite them in. Crypto-miners can’t attach malware to your site or your ads if they can’t get through your security.
Don’t Let Your Website Become a Bitcoin-Mining Botnet
Managed services with malware protection is the best way to keep your cybersecurity airtight, avoid crypto-mining ad attacks, and avoid other forms of malicious malware. The managed services from Imagine Monkey come complete with regular website updates, site management and maintenance, and advanced malware protection. We protect your site and your business using constant security monitoring, vulnerability scans, and real-time intrusion detection. We can keep your site safe from crypto-mining, alert you if anyone else tries to take advantage of your site, and remove harmful scripts from your server.
With our comprehensive managed services or an individual malware removal job, we can rid your web server of crypto-miners, malware-invested advertisements, and other exploits to give you peace of mind. You won’t have to worry about malware draining your users computer’s energy or impacting the site you worked so hard to launch. You won’t have to deal with damaging cyberattacks, as our team will take care of security concerns for you. You can relax with the knowledge that our highly skilled technicians have everything under control. Contact us to learn more about how Imagine Monkey can protect you from the latest cyber threats.
And for additional client-side protection we recommend installing Malwarebytes Malware Protection on your computer and enabling “Safe-Surfing” protection.