Cyber criminals are abusing Google’s DoubleClick service to deliver a Coinhive cryptocurrency miner as part of a malicious campaign.
According to the Trend Micro report, detections nearly tripled (up 285%) on January 24th of this week. Nearly a week earlier, on January 18, an increase in traffic to five malicious domains was also observed.
The malicious advertisements were found on high-traffic sites (from Japan, France, Taiwan, Italy, and Spain) and used Coinhive as well as a separate miner.
Trend Micro also noticed that pages infected with the malvertisements included two different embedded miner scripts, as well as another script that displays the advertisement from DoubleClick.