YouTube ads hacked to mine cryptocurrency via visitors' CPUs

Cryptocurrency has become a hot topic over the last several months, and one of the frustrating trends growing alongside it is the practice of websites secretly using visitors' CPUs through the browser to mine digital currency. While some websites do this intentionally as an alternate method of funding, other times it's invasive ad networks using plugins to take advantage of web users. Earlier this week, YouTube was invaded by the latter.

The security firm Trend Micro notes that the cryptocurrency-mining ads started appearing on YouTube on Wednesday, and mostly targeted users in Japan, France, Taiwan, Italy, and Spain. Users started noticing that their anti-virus software was being triggered on YouTube, specifically from the mining scripts attempting to make use of their CPU processing power.

The script itself was identified as originating from a service called CoinHive, and is designed to mine the Monero cryptocurrency. While CoinHive originally designed this script for ethical use, with websites notifying visitors of its use, bad actors managed to modify it and use it to abuse Google's DoubleClick ad platform. Trend Micro found that the ads were using as much as 80% of visitors' CPUs, with no notice to users or YouTube.

Fortunately, Google became aware of the abuse and was quick to shut down the abusive ads. The company released the following statement, noting that the hackers behind the script were booted from the ad platform:

"Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we've been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms."

But while Google says it blocked the ads within hours, Trend Micro writes that the ads were on YouTube for a period lasting between several days and up to a week. This could indicate that Google has a wider problem of scripts making their way onto its ad platform, and that stealth mining is likely to be an ongoing issue as the value of cryptocurrencies continues to increase.

SOURCE Ars Technica