Hackers Hijack Google’s DoubleClick Advertisement System On YouTube For Cryptocurrency Mining

Several users have noticed that YouTube is displaying ads that secretly take advantage of the user's CPU to mine for cryptocurrency.

Reports first started to spread on Twitter, with a handful of people claiming their antivirus software was notifying them that hints of cryptocurrency mining had been detected as they watched YouTube videos.

Even when the affected users tried to switch browsers to watch YouTube, the warnings persisted, which suggested that the problem was actually with YouTube itself.

On Jan. 26, researchers from Trend Micro confirmed the ads caused a significant spike in Web miner detections. The anonymous attackers behind the ads were taking advantage of Google's DoubleClick advertising system to shroud mining code inside YouTube ads in a number of countries, among them Japan, Italy, Spain, France, and Taiwan.

Cryptocurrency Mining Ads

The YouTube ads in question used JavaScript to mine the digital currency Monero. In nine out of 10 cases, the ads employed public JavaScript code provided by Coinhive — a Netflix-like cryptocurrency mining service where subscribers profit from leeching off other people's computers, almost always surreptitiously. One time out of 10, the ads employed private mining JavaScript code to avoid the cut of the profits that Coinhive takes from those who use its service.

Both kinds of JavaScript utilize a whopping 80 percent of a user's CPU, straining its resources.

But why was YouTube taken advantage of? Security researcher Troy Mursch explains:

"YouTube was likely targeted because users are typically on the site for an extended period of time ... because the longer the users are mining for cryptocurrency the more money is made."

Google Says It Has Stopped The Attacks

Fortunately for unsuspecting YouTube viewers, the attack has been euthanized. A spokesperson for Google just confirmed that the ads were blocked in less than two hours and the malicious attackers were removed immediately from its platforms. However, Google's time frame seems a bit suspect, as Trend Micro reports that the attacks in question have been occurring since Jan. 18.

Web-based cryptocurrency mining has become a significant problem in recent years, helped by the rising value of bitcoin and cryptocurrency in general. Coinhive is just one example of the unbelievable craving for cryptocurrency, with users willing to abuse other people's systems just to reap profits. It's the sad truth of the cryptocurrency landscape as it persists today.

Mike Palmer