Hackers Are Demanding Bitcoin Ransom from Google Adsense Clients Author: Jimmy Aki Last Updated: 18 February 2020 Bitcoin ransom operations have picked up steam in 2020 already, and a new scheme is already making the rounds across the Internet. The latest in ransom schemes is one that’s been targeting users of Google’s Adsense advertising program, and according to a recent report from cybersecurity firm Krebs on Security, it has already begun to affect a sizable number of advertisers on the platform. Pay Up or Lose Access to Your Ads The report, which was published on Monday, explained that fraudsters have started to send website owners Emails to pay them Bitcoins or risk having their websites flooded with bot-fueled junk- an action that will lead to Google Adsense blacklisting them from its program. The Adsense platform underwent a few upgrades last year in Google’s bid to clamp down on-site administrators artificially inflating their traffic through bots. However, these fraudsters have now found a means of using his verification feature to their advantage. In an Email shared with Krebs, one scammer explained to a site administrator that he had no choice, as the traffic assessment algorithm being used by Adsense will eventually detect the upsurge in the website’s traffic and realize that it’s coming from a bot. This could lead to the site being blacklisted, and the site administrator himself will have his account suspended from Adsense. Krebs explained that it had contacted the search engine to see if there was a way to protect site administrators from this new threat, and in a reply, Google explained that it was aware of the ransom scam and was working to make accommodations in its enforcement system. A statement from the tech giant reportedly read, “We hear a lot about the potential for sabotage, it’s extremely rare in practice, and we have built some safeguards in place to prevent sabotage from succeeding. For example, we have detection mechanisms in place to proactively detect potential sabotage and take it into account in our enforcement systems,” the statement added. Google Products are Becoming a Preferred Proliferation Medium In the world of ransom operations, this one is much more direct. Ideally, scammers who choose to blackmail their victims wait until the victims have been rendered helpless before they contact them and offer the terms to get things back to the status quo. Ransomware operators usually install their malware and lock peoples’ computers, while crypto jackers install their viruses and already cause a reduction in the computer’s processing power. Then, they send notes asking for money. However, Google products have also started to become a preferred medium for malware hackers to conduct their operations. Last November, antivirus software supplier Eset reported that the owners of the Stantinko botnet had started installing their malware on victims’ devices using YouTube. As the report explains, the botnet, which has been in operation since about 2012, distributes its cryptojacking module via YouTube channels, thus using this module to mine Monero. Their use of Google and its suite of products is understandable- with a large market, Google could provide these hackers with a large cluster of potential victims.