Beware of YouTube ads, some take advantage of your CPU to do cryptocurrency mining.
Malicious uses and vulnerabilities of cryptocurrencies and blockchains continue to proliferate, and now not even watching YouTube videos do we seem to be safe, something that joins websites that mine cryptocurrencies while we visit them without warning.
This is what several security researchers have discovered, who have detected that some ads that are shown before the YouTube videos that we want to reproduce have code to do cryptocurrency mining while we watch them.
YouTube advertising as a means of attack
Several users reported the problem when noticing how their antivirus blocked mining programs – specifically, Coinhive – hidden in the code of YouTube ads.
The DoubleClick ad platform has apparently been the victim of a cyber attack that allowed crackers to take advantage of these ad insertion codes to integrate the Coinhive client that allows mining the cryptocurrency Monero (XMR) —Highly valued for its anonymity and privacy — without users noticing anything.
Trend Micro researchers indicated that they had noticed a 200% growth in the presence of “web miners” referring to these types of processes. Most of those processes make use of the Coinhive client, but 10% of the cases detected referred to the attackers’ own code that prevented them from having to give Coinhive 30% of the income obtained with their script.
Cryptojacking in sight
Both scripts are designed to consume 80% of processor resources user, which makes visiting one of these videos our PC or laptop is clearly limited in its processing capacity. Troy Mursch, a security researcher specialized in these attacks known as ‘cryptojacking’, indicated in Ars Technica that these attacks have been directed at YouTube because “users are normally on this website for a long period of time”.
Apparently @YouTube is very funny and it was not enough to lower the audience, now they go and put the Coinhive JavaScript to use our devices to mine Monero! Really, @Google! What leeches are you doing with YouTube? pic.twitter.com/NzMUMlArJs
– ᛗ🦊ᛟ Ervo ᛟ🦊ᛗ (@Mystic_Ervo) January 24, 2018
Those responsible for Google they have issued a statement in which they state that “cryptocurrency mining through ads is a relatively new form of service abuse that violates our policies, and we are actively watching it.”
Several antivirus clients have had extra features for some time to detect this type of “web mining” process, and although these clients actually take advantage of the hardware resources of our devices to mine cryptocurrencies, there are no signs at the moment that indicate that these clients install ransomware or other malware.
As we recently explained, there are other ways to prevent this problem, and there are extensions for Chrome (minerBlock) and Firefox (CoinBlock) that detect these JavaScript clients and stop their activity.
In Engadget | How to know if a website is mining bitcoins taking advantage of your visit and how to avoid it
