A malicious ad campaign on the popular video platform Youtube has profited off its unknowing viewers by using their computers to mine a Bitcoin-like cryptocurrency.
On Tuesday, users started reporting that they kept receiving annoying Youtube advertisements. The displayed ads used the visitors’ CPUs and electricity to generate a digital currency for the attackers.
Trend Micro, an antivirus provider, investigated these reports, and said the ads helped drive a 300% spike in web miner detection.
The attacker used Youtube’s ad service to load the mining software on the viewers’ browsers without them noticing. The mined coins went to the attacker instead of the viewer. It seems that the code found its way onto Youtube by exploiting Google’s Double Click ad platform. The criminals targeted visitors from select countries, such as Japan, France, Taiwan, Italy and Spain.
The software did not stop mining even after the ads were done playing, meaning it continued to drain power while users were watching their videos. 80% of computing power will be drained for mining, leaving the computer barely functional for other tasks.
The ads that have been analysed by Trend Micro, mined Monero coins for an individual that had the Coinhive site key of “h7axC8ytzLJhIxxvIHMeC0Iw0SPoDwCK.” It’s impossible to deduce the total number of coins mined so far. Trend Micro said the ad attack started on January 18th.
A Google representative said in an email to Ars Techninca that the ads were blocked ”in less than two hours”.
“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”
As illegal browser-based crypto mining has become an increasing problem, many antivirus programs are warning users of crypto mining scripts hosted on sites and giving them the option of blocking the activity. It is evident that the growing interest in mining cryptocurrencies has determined many to inject in-browser mining scripts into various ads to use another person’s computational power and resources.