Trend Micro researchers — a Japanese cyber-security company — divulged that crypto mining scripts have been attacking YouTube viewers by using their CPU power to illegally mine cryptocurrencies. Recently, Coinhive has been a popular way to mine cryptocurrency using a victim’s computer, and it’s found its way into YouTube ads.
Subscribe to the Bitsonline YouTube channel for more great videos featuring industry insiders & experts
As the Trend Micro blog explains: “We started seeing an increase in traffic to five malicious domains on January 18th. After closely examining the network traffic, we discovered that the traffic came from DoubleClick advertisements.”
YouTube users were reporting on social media that the video platform has been draining their CPU power. Trend Micro researchers pointed out that the malicious agent or agents responsible have targeted users in France, Japan, Italy, Taiwan and Spain.
Tory Mursch — an independent security researcher — told Ars Technica:
“YouTube was likely targeted because users are typically on the site for an extended period of time. This is a prime target for cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made.”
The hacker with the Coinhive site key “h7axC8ytzLJhIxxvIHMeC0Iw0SPoDwCK” ran these cryptojacking scripts to mine Monero.
A Google representative said the attack vector in question was resolved within two hours. An official statement from the company read:
“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”
However, Trend Micro and accrued social media evidence indicates that these ads continued to operate for more than a week after Google assured that the issue was resolved.
Trend Micro blog stated, “We detected an almost 285% increase in the number of Coinhive miners on January 24th.” Many predict these activities to expand, and not decrease, over time.
Will cryptojacking activities multiply over time? Let us know your thoughts in comments section.
Images via The Independent, Ars Technica