Malicious YouTube Ads Secretly Used By Cryptojackers To Mine Crypto


Cryptojackers have been hijacking YouTube ads to harness viewers computer processing power in order to mine digital currencies, in this case, Monero. The issue was reported by technology publication and science Ars Technica after people took to social media to report that antivirus programs had detected cryptocurrency malware on YouTube. 

Attackers abused Google’s DoubleClick, which develops and provides internet ad serving services for traffic distribution. According to data from the Trend Micro Smart Protection Network, affected countries include Japan, France, Taiwan, Italy, and Spain. Google has now blocked the ads from being displayed on YouTube.

Unfortunately, most victims are unaware of what is going on – the process is carried out secretly without users having the opportunity to opt out. Even though a download isn’t required, hackers devised an approach where cryptojacking can continue even after users close the tab itself. And unfortunately, since it is a relatively new concept, hackers can innovate, changing their methods in an attempt to continue their devious plan.

90% of the time, the malicious adverts would launch a miner called Coinhive, and in the other 10% of cases a private web miner would be used. Each would covertly use up 80% of victims’ computer processing power for mining, resulting in the machine running much, much slower than normal. These recent ads have helped drive up the volume of cryptojacking incidents involving Coinhive by almost 285%.

“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively,” a Google spokesperson told The Independent. “We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”

Despite these claims from Google that the process is “relatively new,” cryptojacking has become increasingly popular over the years —  and YouTube’s ad problem was not an isolated incident. Research has shown that in the top 3 million websites, 2,500 are running a form of cryptojacking software, consuming users’ processing power without their knowledge or consent.


SanFair Newsletter

The latest on what’s moving world – delivered straight to your inbox