Trend Micro researchers recently found that hackers had gained entry to AOL’s advertising platform and modified its code to mine Monero cryptocurrency. 500 other websites are also thought to be infected with the same CoinHive cryptocurrency mining script used on the AOL advertising platform. This includes MSN’s Japanese web portal, which was infected by a similar script with the same goal of mining Monero coins via the computing power of visitors to the news site.
In its posted analysis, Trend Micro said that the compromised ads were capable of creating a large number of web miners. The MSN website is the default page for Microsoft’s browser and the page that Outlook email users are redirected to on logging out from their account, so it gets a lot of secondary traffic.
As the researchers looked more deeply into what was happening, they found that hackers were running their campaign by hosting malicious content on unsecured AWS S3 buckets, which their administrators had apparently left open for public access.
In terms of the AOL and MSN website hacks, the Trend Micro researchers think that a sizeable number of users may have been impacted.
The security firm alerted the firms involved, and AOL moved quickly to remove the malicious script. Trend Micro advised website administrators to check for potential exploitation, and take action if necessary.
“The campaign injected malicious script at the end of a JavaScript library on the unsecured S3 buckets. Website administrators can easily check for any script injected with code similar to the one shown below or the mining domains we listed in the Indicators of Compromise section to verify if their sites have been modified,” wrote Trend Micro.
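The check Trend Micro describes, sketched as an added example (not code from Trend Micro or from this article): compare the JavaScript library actually being served against a known-good copy and report anything appended after it. The file contents below are constructed samples, and `coinhive` is the only marker used because the Indicators of Compromise list is not reproduced on this page.

```python
import hashlib

# Marker named on this page; extend it with the mining domains from the
# vendor's Indicators of Compromise list (not reproduced here).
MINER_MARKERS = ("coinhive",)

# Constructed sample files: a pristine library and a copy with a tail added.
REFERENCE = b"/*! examplelib 1.0 (constructed) */\n(function(){window.examplelib={};})();\n"
TAMPERED = REFERENCE + b"\n/* constructed stand-in for injected code */ loadMiner('coinhive');\n"


def audit_library(reference: bytes, deployed: bytes) -> dict:
    """Compare a deployed JS library against a known-good copy.

    status is 'clean', 'appended' (the reference is intact but extra content
    follows it, the pattern described in the quote) or 'modified'
    (the file differs somewhere other than the end).
    """
    ref, dep = reference.rstrip(), deployed.rstrip()
    result = {
        "sha256_reference": hashlib.sha256(reference).hexdigest(),
        "sha256_deployed": hashlib.sha256(deployed).hexdigest(),
        "status": "clean",
        "appended": b"",
        "markers": [],
    }
    if dep != ref:
        if dep.startswith(ref):
            result["status"] = "appended"
            result["appended"] = dep[len(ref):].lstrip()
        else:
            result["status"] = "modified"
    # Marker search runs on the whole file, so it also catches injected
    # code when no reference copy matches.
    lowered = deployed.lower()
    result["markers"] = [m for m in MINER_MARKERS if m.encode() in lowered]
    return result


if __name__ == "__main__":
    report = audit_library(REFERENCE, TAMPERED)
    print(report["status"], report["markers"])
    print(report["appended"].decode())
```

In practice the reference copy comes from the library's official release or your own build artifact, and the deployed copy is fetched from the bucket URL your pages load.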
Other major advertising platforms have seen their sites compromised in a similar way by illegal cryptojacking programs. In January, hackers used ad slots on YouTube to mine Monero cryptocurrency through CoinHive JavaScript code.
“Organizations should secure and always properly configure their servers to prevent these types of threats. To further protect themselves, they should choose the right cloud security solution based on their specific needs,” concluded Trend Micro.
There are several ways to stop cryptocurrency mining from running in your browser and stealing CPU power, including the minerBlock and No Coin extensions in the Chrome Web Store. Both extensions are open source and freely available for the public to use. Alternatively, the Opera browser (on desktop and on mobile, for both Android and iOS) prevents websites from hijacking your browser to mine for cryptocurrency.