Hackers tapping Youtube Ads to mine cryptourrency illegally

Attackers are using YouTube ads to illegally mine cryptocurrencies on users’ CPUs according to reports and complain that came up this week.

This was confirmed by researchers from Trend Micro, an antivirus provider. The researchers said attackers are abusing Google’s DoubleClick ad platform to display ads to YouTube visitors in countries such as Japan, France, Taiwan, Italy, and Spain.

“This is a prime target for crypto jacking malware because the longer the users are mining for the cryptocurrency. The more money is made,” Troy Mursch who is an independent security researcher says Arstechnica. He cited an example of a campaign that used Showtime website to deliver cryptocurrency mining ads as another example of attackers targeting a video site.

They said the campaign started on January 18

The attackers are targeting YouTube because it attracts millions of visitors and people spend considerable time watching videos on it. The report came after many people complained that their antivirus programs were detecting cryptocurrency mining codes when they visited YouTube.

Also Read: Trading Technologies International Inc teamed up with Coinbase

Users posted ads on social media and forums, including a case where one was using to mine Monero coins. Thus, on behalf of a Coinhive user with a site key of “h7axC8ytzLJhIxxvIHMeC0Iw0SPoDwCK”. It was not possible to know how much coins they got from the illegal activity. The software drains users of their computer resources and electricity.

The said ads use JavaScript provided by Coinhive cryptocurrency mining service to mine Monero cryptocurrency. The publicly available JavaScript is controversial because it allows subscribers to profit by surreptitiously using other people’s computers. It was using in 9 out of the 10 cases.

The attacker ads then switch to using private mining JavaScript to save the attackers the 30 percent cuts taken by Coinhive. The public and individual scripts use 80 percent of a visitor’s CPU. The JavaScript had graphics displaying fake AV programs.

These are programs that install malware and scam people out of money when run.

Although a Google representative sys on Friday that the ads were block in less than two hours and malicious actors quickly removed, evidence from  Trend Micro. However, social media posts showed the various ads with the same JavaScript run for as long as a week.

Read Next: Ernst and Young says around $400 million lost from ICO funds

Show More

Elena R

Elena is an expert in technical analysis and risk management in cryptocurrency market. She has 10+year experience in writing - accordingly she is avid journalists with a passion towards researching new insights coming into crypto erena.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

twelve + 3 =

Back to top button