Cryptojackers target Google DoubleClick ads
- Malware recently infected Google DoubleClick ads on YouTube with the result that users were served ads that contained crytocurrency mining software, according to a MediaPost article. The incident was uncovered by cybersecurity company Trend Micro and reported in its TrendLabs Security Intelligence blog after five malicious domains saw a boost in traffic on Jan. 18.
- Trend Micro detected a nearly 285% increase in the number of miners from cryptocurrency mining service Coinhive on Jan. 24. The analysis uncovered two different web-miner scripts that were embedded and a script displaying the DoubleClick ad. Countries infected include Japan, France, Taiwan, Italy and Spain, where users reported that their antivirus software notified them that cryptocurrency mining was detected when they watched YouTube videos.
- Using ads to mine cryptocurrency is a new method of ad fraud. This type of abuse violates Google policies, and it’s something the company has been monitoring, a Google spokesperson told MediaPost. The perpetrators were quickly blocked and removed, according to the spokesperson.
The cryptojacking discovery is another strike for YouTube, which has experienced several incidences over the past year of ads being placed next to videos containing fake or distasteful content and points to the challenges digital media companies face in curbing misuse on their platforms.
The recent surge in the value of bitcoin and other cryptocurrencies has heightened the problem of fraudulent cryptocurrency mining, also called “cryptojacking.” Until the recent Trend Micro detection, a lot of cryptojacking has occurred under the radar, with most consumers not even realizing they were being targeted, according to the company. In September, Coinhive created a script to mine the cryptocurrency Monero when a website loaded, making money off of other sites’ traffic. The recent discovery of crytocurrency mining could prompt hackers to create new, harder-to-detect malware.
Ad fraud has been an ongoing headache for marketers. Google has estimated that ad fraud costs publishers $3.5 million a day or $1.27 billion a year on a $5 video ad CPM. The company has taken steps recently to combat fraud and assure marketers that their advertisements will be protected from fraudsters, even though that may mean more expensive ad buys.
In November, Google began blocking ad purchases of unauthorized inventory that were identified by ads.txt, driving up the average price for digital ad inventory sold on Google’s platforms. The advertising industry anti-fraud initiative Trustworthy Accountability Group (TAG) recently announced that it will require publishers to adopt ads.txt. With the adoption of the Interactive Advertising Bureau’s ads.txt to block counterfeit and unauthorized programmatic impressions, the price may be going up, but instances of fraud are likely going down. More than half of Google DoubleClick inventory comes from publishers using ads.txt.
Google is also getting tougher on determining which YouTube channels are deemed safe for ads. New YouTube Partner Program channels will be required to have 1,000 subscribers, 4,000 hours of watch time over the past year and 10,000 total views to become ad eligible.
- MediaPost Hackers Hijack Google DoubleClick Ads
- Marketing Dive Publishers lose $1.27B yearly to ad fraud, new study finds