Cryptojacking: Hackers Now Attach Cryptocurrency Mining Scripts to YouTube Ads
Cryptojackers have recently been found using YouTube advertisements to mine digital currency at the expense of viewers. Cryptocurrency mining can be a highly profitable venture these days, and some hackers are now cutting corners to maximize profits to the detriment of other internet users.
Hidden Scripts as Alternative to Online Ads
According to Ars Technica, many internet users took to social media to complain that their antivirus software was detecting cryptocurrency mining malware when they visited YouTube. Even after users switched to another browser, the antivirus program displayed a warning when they visited YouTube.
Trend Micro security researchers have said the YouTube advertisements have generated more than a three-fold spike in web miner detections.
The Coinhive script allows its subscribers to use other people’s computers for mining; in some cases the mining is consensual. Naturally, hijacking users’ computing capacity without their knowledge is morally questionable, but many have turned to crypto mining as an alternative to online advertising.
Both scripts are maliciously programmed to consume 80 percent of a stranger’s CPU, leaving only 20 percent for the user’s own work. This takeover can make the system annoyingly slow and sometimes leads to a system crash.
Independent security researcher Troy Mursch said:
“YouTube was likely targeted because users are typically on the site for an extended period of time. This is a prime target for Cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made.”
To make matters worse, these malicious cryptocurrency mining programs are sometimes accompanied by adverts for fake antivirus programs that install much more malware on people’s computers.
In an email from a Google representative, the company said it had discovered the new malware and had removed some of the perpetrators of this malicious act from its platforms. They wrote:
“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”
However, not every part of Google’s statement appears to be accurate. Their claim of blocking the malicious ads within two hours does not align with Trend Micro’s assessment that the Monero mining ads have lasted for up to a week.
Drive-by cryptocurrency mining is steadily increasing. Although this malware does nothing on people’s computers other than mine virtual coins, it is crucial for users to upgrade their antivirus programs to the latest versions to avoid becoming victims of this malicious act.