The ultimate goal of malware writers and distributors is to make money. The easier it is to do that the better, and if it's possible without having to hack and infect PCs, all the better. And it looks as though cybercriminals have figured out how to do just that through a combination of JavaScript and cryptocurrency mining.

Security vendor ESET discovered this new technique in some JavaScript files. What the cybercriminals do is buy traffic from an advertising network and use that to distribute the malicious adverts (known as malvertising). The JavaScript they contain utilizes the victim's computer resources to mine cryptocurrency. This slows down their system due to the extra load, which the user is sure to notice. However, the adverts are targeted at video streaming and in-browser gaming websites, so the user will expect a performance hit and therefore overlook the sudden slow down (that's the theory, anyway).

Another advantage of displaying these adverts on video and gaming sites is there's a much greater chance a user will keep the site open for longer. That translates into more time to mine and more cryptocurrency for the cybercriminals.

Popular cryptocurrencies such as Bitcoin require dedicated hardware to make mining worthwhile, and therefore isn't appropriate for this malvertising setup. Instead, ESET lists ZCash, Feathercoin, Litecoin, and Monero as the focus.

So far the countries targeted by these malicious adverts include Russia, Ukraine, Belarus, Kazakhstan, and Moldova, with Russia being the main target. The adverts seem likely to spread further afield and head west, though, due to the potential to tap millions more PCs and generate more cryptocurrency.

ESET named the malicious scripts as JS/CoinMiner.A and offers protection to ESET security suite (27.99 30% Off at ESET) users through Potentially UnSafe Apps detections. For everyone else, the company recommends using a well-configured script or ad blocker to stop the JavaScript miners from running.

Further Reading