ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.


24hr ---

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story


Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
Ether Price Analysis
Contact Us

New 'Malvertising' Threat Hijacks Browsers to Mine Cryptocurrencies




An unknown hacker or group of hackers has targeted some video streaming and gaming sites with “malvertising,” which uses online ads as channels to transmit script that causes visitors’ browsers to mine altcoins for the perpetrator.

A blog post on September 14, 2017, by ESET malware researcher Matthieu Faou revealed that an actor, or set of actors, has been using “malvertising” to harness the computing power of unsuspecting visitors to certain websites for the purpose of mining altcoins.

The term “malvertising” refers to the practice of delivering malicious code to a website via an online ad network without the victim actually downloading anything to the affected device. Advertising network operators are unaware of the malicious content being sent to websites on the network. The content contains code that can adversely impact the browsing experiences of these sites’ users and potentially even put their privacy at risk.

In this particular attack, of which victims seem to be concentrated in Russia, Ukraine, and to a lesser extent Belarus, Kazakhstan, and Moldova, the malvertising hijacks the victim’s browser to mine altcoins while the victim is browsing the affected web page. Once the victim navigates away, the mining stops because no malware was actually downloaded. This is noteworthy because downloadable malware is the preferred mechanism by which cybercriminals use the computing power of others to mine for themselves. 

While certain cryptocurrencies like bitcoin now require specialized hardware to mine them effectively, Feathercoin and Litecoin, two of the cryptocurrencies sought by the perpetrator(s) of this attack, are designed to be minable via regular CPUs. Faou’s post revealed that all the Feathercoin malvertising scripts analyzed by the ESET team contained a single wallet address, suggesting a single perpetrator or group of perpetrators. The other cryptocurrency mined in these attacks, Monero, is among the most anonymous of cryptocurrencies, and thus the team could not ascertain whether all the Monero mined through these attacks was sent to a single wallet. 

These malvertisements appeared primarily on video streaming and gaming sites, where users could be expected to spend longer-than-average periods of time on a single page viewing data-heavy content that tends to temporarily impact processing speed. This allows for more mining time and reduces the possibility that users notice their machines running slowly as a result of the mining. Faou also posits that the relatively narrow geographical distribution of victims is most likely a consequence of “the language of the websites in which the scripts are injected.”

Attacks harnessing victims’ computing power for mining purposes are not without precedent. As ETHNews reported less than two months ago, a security breach at San Francisco State University saw a number of malware files, including bitcoin mining software, end up on the school’s servers. Bryan Seely, an ethical hacker who originally notified SFSU of the vulnerability, told ETHNews that while it’s unclear whether all the machines on the network (including students’ personal devices) were affected by the hack, the school’s servers alone were powerful enough to run a substantial mining operation. 

Additionally, in 2015, the New Jersey Division of Consumer Affairs settled with a team of MIT students who had developed a software code called Tidbit, which enabled websites to embed code that would conscript victims’ computers to mine bitcoin on the websites’ behalf whenever victims visited a page featuring the code.  Though the Tidbit team’s intent was not considered to be malicious, they nonetheless agreed to a $25,000 settlement, which was to be vacated after two years if they refrained from illegally accessing computers in New Jersey during that period.  

Finally, as ETHNews reported earlier this week, the Russian cybersecurity firm Kaspersky announced that, between January and August of this year, its products protected 1.65 million users from malicious mining software.  The company also claimed to have discovered one culprit botnet that was responsible for mining cryptocurrency to the tune of over $30,000 each month. 

Adam Reese

Adam Reese is a Los Angeles-based writer interested in technology, domestic and international politics, social issues, infrastructure and the arts. Adam holds value in Ether, Bitcoin, and Monero.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Malvertising, malware or other Ethereum cryptocurrencies and tokens news.