Reading Time
~ 3 minutes
Spread the Word

A malicious ad campaign on the popular video platform Youtube has profited off its unknowing viewers by using their computers to mine a Bitcoin-like cryptocurrency.

On Tuesday, users started reporting that they kept receiving annoying Youtube advertisements. The displayed ads used the visitors’ CPUs and electricity to generate a digital currency for the attackers.

Trend Micro, an antivirus provider, investigated these reports, and said the ads helped drive a 300% spike in web miner detection.

The attacker used Youtube’s ad service to load the mining software on the viewers’ browsers without them noticing. The mined coins went to the attacker instead of the viewer. It seems that the code found its way onto Youtube by exploiting Google’s Double Click ad platform. The criminals targeted visitors from select countries, such as Japan, France, Taiwan, Italy and Spain.

The software did not stop mining even after the ads were done playing, meaning it continued to drain power while users were watching their videos.  80% of computing power will be drained for mining, leaving the computer barely functional for other tasks.

Said software was written in JavaScript, and it mined the digital coin known as Monero. Nine out of ten of these malicious ads used the Coinhive mining script. Coinnhive is a cryptocurrency mining company which has produced much controversy over the way it runs its services. It allows its subscribers to mine by using other people’s computers, but they have to have their consent first, which was not the case in this attack. The remaining 10% of the ads use a private mining JavaScript which saves the attackers the 30% cut that Coinhive takes.

The ads that have been analysed by Trend Micro, mined Monero coins for an individual that had the Coinhive site key of “h7axC8ytzLJhIxxvIHMeC0Iw0SPoDwCK.” It’s impossible to deduce the total number of coins mined so far. Trend Micro said the ad attack started on January 18th.

A Google representative said in an email to Ars Techninca that the ads were blocked ”in less than two hours”.

“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”

But this information isn’t quite accurate, as there was found evidence (on social media or supplied by Trend Micro) that showed that illegal ads using the same JavaScript ran for as long as a week.

As illegal browser-based crypto mining has become an increasing problem, many antivirus programs are warning users of crypto mining scripts hosted on sites and giving them the option of blocking the activity.  It is evident that the growing interest in mining cryptocurrencies has determined many to inject in-browser mining scripts into various ads to use another person’s computational power and resources.

Read more articles related to this subject:
Notice: The information in this article and the links provided are for general information purposes only and should not constitute any financial or investment advice. We advise you to do your own research or consult a professional before making financial decisions. Please acknowledge that we are not responsible for any loss caused by any information present on this website.