
Hackers used YouTube ads to mine for cryptocurrency.
Video-sharing website, YouTube, had some of its ads repurposed by hackers to hijack video viewers’ processing power to mine cryptocurrency. According to several reports, the code had been inserted in the JavaScript of the ads to mine CoinHive’s cryptocurrency, Monero. YouTube currently boasts with a whopping 1.5 billion users worldwide, making them an obvious target for hackers.
The mining code would reportedly drain up to 80 percent of viewers’ CPU power, a process which was enabled by either watching or clicking a specific YouTube advert link. This issue was identified last week when users reported their antivirus programmes detecting covert mining whilst watching YouTube adverts.
On Sunday, cyber-security research company, Trend Micro, published a blog post revealing a 285 percent increase in the number of CoinHive miners on Wednesday, January 24. They traced the activity to five domains, one of which was a subsidiary company owned by Google, called DoubleClick Advertisement. The cryptocurrency mining occurred in several countries, according to Trend Micro, which includes France, Italy, Spain, Japan, and Taiwan.
YouTube’s owner, Google, issued a statement that informed all of its users that it has fixed the issue. A Google representative said that the ads responsible for the mining have been blocked and all the accounts responsible for the ads had been removed. According to media sources, the company used a detection system that monitored newly submitted ads for two hours. Hackers usually upload clean adverts for validation after which they would swap them for a malicious JavaScript once the original ad went live.
“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively,” said Google in a statement.
One way in which users can avoid becoming victims of rogue cryptocurrency mining is to disable auto-running JavaScripts in browsers.