Cryptojacking: Hackers Now Attach Cryptocurrency Mining Scripts to YouTube Ads

Cryptojackers have recently been found leveraging YouTube advertisements to mine digital currency at the expense of viewers. Cryptocurrency mining can be a highly profitable venture these days, and some hackers are now cutting corners to maximize profits to the detriment of other internet users.

Hidden Scripts as Alternative to Online Ads

According to Ars Technica, many internet users took to social media to complain that their antivirus software was detecting cryptocurrency mining malware when they visited YouTube. Even after they switched to another browser, the antivirus program still displayed a warning when they visited YouTube.

Trend Micro security researchers have said the YouTube advertisements have generated more than a three-fold spike in web miner detections.

These security researchers said the cryptojackers were misusing Google’s DoubleClick platform to display advertisements to YouTube visitors in countries like Japan, France, Taiwan, Italy and Spain. The malware is written in JavaScript and embedded into the ads with the sole purpose of mining Monero. This discreet maneuver is principally carried out with Coinhive.

The Coinhive script allows its subscribers to use other people’s computers for mining, though in some cases the mining is consensual. Naturally, hijacking users’ computing capacity without their knowledge is morally questionable, but many have turned to crypto mining as an alternative to online advertising.

In other instances, private mining JavaScript is secretly embedded in YouTube ads. This malware saves the attackers the 30 percent cut that goes to Coinhive.

Both scripts are maliciously programmed to gobble up 80 percent of a stranger’s CPU, leaving only 20 percent for the user’s own tasks. This takeover sometimes crashes the system or makes it annoyingly slow.

Independent security researcher Troy Mursch said:

“YouTube was likely targeted because users are typically on the site for an extended period of time. This is a prime target for Cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made.”

To make matters worse, these malicious cryptocurrency mining programs are sometimes accompanied by adverts for fake antivirus programs that install much more malware on people’s computers.

In an email written by a Google representative, the company said they had discovered the new malware and had removed some of the perpetrators of this malicious act from their platforms. They wrote:

“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”

However, it appears that not every part of Google’s statement is entirely true. Their claim of blocking the malicious ads within two hours does not align with Trend Micro’s assessment that the Monero mining ads have lasted for up to a week.

Drive-by cryptocurrency mining is steadily increasing. Although this malware does nothing on people’s computers other than mine virtual coins, it is crucial for users to upgrade their antivirus programs to the latest versions to avoid falling victim to this malicious act.

Ogwu Osaemezu Emmanuel
