Tuesday, November 26, 2024
HomeCryptocurrency hackCryptocurrency Web Miner Makes into MSN Portal Through Advertising Platform

Cryptocurrency Web Miner Makes into MSN Portal Through Advertising Platform

Published on

Cryptocurrency web miner scripts make into MSN portal through Advertising Platform AOL and create a large number of web miners. Hackers Modified the scripts of AOL advertising platform to launch a web miner program and most of the minor traffic linked to MSN[.]com in Japan.

Security researchers from Trend Micro Spotted a significant increase(108%) in the number of unique miners, the Sudden Spike is because of the effectiveness of the advertising platform.

cryptocurrency web miner

The compromised advertisement was on the front page of the MSN and it uses to redirect the user’s to the number of other pages. Further analysis shows more than 500 websites compromised with the same campaign.

- Advertisement - SIEM as a Service

Also Read Pop-up Ads & Hundreds of Websites Helping to Distribute Botnets, Cryptocurrency Miners and Ransomware

When a user visit’s the MSN portal and if the advertisement is displayed, then their browser starts running cryptocurrency web miner and it stops after the user closes the browser window.

The malicious script was injected into advertising[.]aolp[.]jp and the web miner traffic linked to the domain www[.]jqcdn[.]download that was created on March 18.

Cryptocurrency mining script generated based on the Coinhive and attackers users private mining pools, possibly to avoid charges of using well-established miner’s.

We closely examined compromised sites that this campaign modified and noticed that much of the malicious content was hosted on Amazon Web Service (AWS) S3 buckets. The names of the S3 buckets were visible in some of the compromised URLs, allowing us to investigate them further. We found that the buckets were completely unsecured, left open for anyone to list, copy, and modify” researchers said.

With this campaign, attackers injected malicious script JavaScript library on the unsecured open S3 buckets.

According to Trend Micro “We suspect that the legitimate AWS administrator didn’t properly set the permissions of their S3 bucket, which allowed the attacker to modify the hosted content“.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to...

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

North Korean Hackers Employing New Tactic To Acruire Remote Jobs

North Korean threat actors behind the Contagious Interview and WageMole campaigns have refined their...