A stealthy attack that slips cryptocurrency miners into ads on unsuspecting websites is making the rounds, according to Israeli adtech firm Spotad.
The company has an artificial intelligence (AI) system dubbed Sarah that picked up on several anomalies within advertising code across both desktop and mobile environments—further inspection showed that these seemingly legitimate ads are actually in the business of mining for Monero. Spotad explained that the trojanized ads—which are Java-enabled—attempt to con site visitors into clicking on a pop-up that would initiate the mining process.
Sarah was able to pick up on the situation by registering an odd behavior pattern, such as a lack of click-through action. After contacting the brand, it became clear that this was enabled via third-party malicious injection into otherwise legitimate ads.
Tomer Horev, chief strategy officer at Spotad and the lead on Sarah’s findings, told CoinDesk that it was just a matter of time before criminals embraced web-based mining.