Hackers Invade YouTube Ads To Mine Cryptocurrency

This week, ads over YouTube carried a sneaky surprise: a cryptocurrency miner.

The mining software briefly invaded the video platform in an attempt to secretly siphon the computing power from any YouTube viewers who encountered the ads.

The culprit? Hackers who decided to abuse Google’s ad network. The bad actors seeded the advertisements with web scripts that’ll run over your browser to mine the digital currency Monero.

The ads largely arrived on Wednesday and ended up spreading to victims based in Japan, France, Taiwan, Italy and Spain, according to the security firm Trend Micro.

Twitter users noticed the problem too. They’ve posted screenshots of their antivirus software detecting the mining scripts.

The hackers probably targeted YouTube because the platform is so popular, Trend Micro said in a Friday blog post. The more browsers the mining software can leverage, the more cryptocurrency it can generate.

However, the mining comes with a cost: it can hog your PC’s computer resources, and drag down the performance. In this case, the mining scripts in the YouTube scheme were configured to siphon 80 percent of the PC’s computing power, Trend Micro said.

Google, which owns YouTube, has taken action. On Friday, the company claimed that the ads were blocked in less than two hours. The bad actors have also been removed from Google’s platforms.

“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively,” a company spokesperson said on Friday in an email.

Unfortunately, cryptocurrency mining that creeps through your browser is probably here to stay. In recent months, hackers have been hijacking websites, and even Chrome browser extensions, to seed them with web scripts that can mine the digital currency Monero, which is now worth $320 a coin.

Many of these hacks all have something in common: they’ve relied on a service called Coinhive to do the mining. Since Sept, Coinhive has been offering a Javascript Monero miner that anyone can register to use and slip into a website. In return, Coinhive takes a 30 percent cut.

Wednesday’s YouTube scheme pulled from the same playbook; it too used a Coinhive script in about 90 percent of the ads served. The remaining ads employed a private web miner.

So far, Coinhive hasn’t commented on the YouTube scheme. But its mining script has become widespread. Many anti-virus vendors including Trend Micro are starting to rank it as among the most pervasive malware threats circulating on the web.

Leave a Reply

*