Illegal Cryptocurrency Mining Scripts Target YouTube Viewers

Trend Micro researchers — a Japanese cyber-securitycompany — divulged that cryptomining scripts have been attacking YouTube viewers by using their CPU power to illegally mine cryptocurrencies. Recently, Coinhive has been a popular way to mine cryptocurrency using a victim’s computer, and it’s found its way into YouTube ads.

Also read: British PM Theresa May to Closely Scrutinize Bitcoin, Crypto

Subscribe to the Bitsonline YouTube channel for more great videos featuring industry insiders & experts

Coinhive Scripts Now on YouTube Ads

Illegal Cryptocurrency Mining Scripts Target YouTube Viewers
Illegal Cryptocurrency Mining Scripts Target YouTube Viewers

As the Trend Micro blog explains: “We started seeing an increase in traffic to five malicious domains on January 18th. After closely examining the networktraffic, we discovered that the traffic came from DoubleClick advertisements.”

YouTubeusers were reporting on social media that the videoplatform has been draining their CPU power. Trend Micro researchers pointed out that the malicious agent or agents responsible have targeted users in France, Japan, Italy, Taiwan and Spain.

Usually, most hackers use the open source JavaScript made available by Coinhive to mine Monero (XMR) — a bitcoin substitute. Coinhive can eat up to 90% of a CPU’s power accordingly.

Tory Mursch — an independent security researcher — told Ars Technica:

YouTube was likely targeted because users are typically on the site for an extended period of time. This is a prime target for cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made.”

The abusive JavaScript ads masqueraded as fraud AV programs. Once a user clicks on it, the malware installs on the victim’s computer. The ad was then injected and produced the following result:


The hacker with the Coinhivesite key “h7axC8ytzLJhIxxvIHMeC0Iw0SPoDwCK” ran these cryptojacking scripts to mine Monero.

Google Resolves the Issue?

A Google representative said the attack vector in question was resolved within two hours. An officialstatement from the company read:

“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”

However, Trend Micro and accrued social mediaevidence indicates that these ads continued to operate for more than a week after Google assured that the issue was resolved.

According to Trend Micro, restricting all JavaScript-based application on browsers can stop these scripts from leaching the CPU power. In the past, Trend Micro warned against cryptocurrencymining malware that used Facebook Messenger to mine Monero.

Trend Micro blog stated, “We detected an almost 285% increase in the number of Coinhiveminers on January 24th.” Many predict these activities to expand, and not decrease, over time.

Will cryptojacking activities multiply over time? Let us know your thoughts in comments section.

Images via The Independent, Ars Technica

The postIllegal Cryptocurrency Mining Scripts Target YouTube Viewers appeared first on Bitsonline.

Source link

Similar Posts