YouTube ads are the latest ground zero for nefarious crypto mining
YouTube is turning passive viewers into cryptocurrency miners, and Google isn't happy.
The issue became apparent earlier in the week as complaints surfaced on social media claiming that YouTube ads were raising red flags in anti-virus software. A service called Coinhive was hijacking a viewer's CPU and using its power to mine crypto.
A Friday blog post from Trend Micro, an international cybersecurity company, confirmed the sharp uptick in Coinhive use earlier in the week, pinning it to a "malvertising campaign" that subverted a Google ad service used on YouTube.
"Attackers abused Google’s DoubleClick, which develops and provides internet ad serving services, for traffic distribution," the post notes. Trend Micro's data pointed to Japan, France, Taiwan, Italy, and Spain as the countries affected by the campaign.
In a statement given to Ars Technica on Friday, Google confirmed the cryptojacking threat, noting that "[i]n this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms."
Google's "blocked in less than two hours" timeline doesn't add up, however. Trend Micro's data suggests that "an increase in traffic to five malicious domains" from DoubleClick advertisements started on or sometime before Jan. 18. By Jan. 24, the company had detected "an almost 285% increase in the number of Coinhive miners."
Google didn't respond to any follow-up questions regarding the timeline.
Coinhive wasn't always used for nefarious purposes. The script was created originally to let website owners harness the processing power of a visitor's computer to mine Monero. So long as the site owner let people know about Coinhive up front and didn't let the script monopolize processing power, it was a relatively ethical way for website operators to turn traffic into income.
Then, in late December, users of a certain Chrome extension discovered that it was also secretly running CoinHive. This incident quickly turned into one of the higher profile examples of a relatively new phenomenon in the malware world: "cryptojacking," the practice of hijacking a PC user's CPU to mine cryptocurrency.
The spread of cryptojacking to YouTube is an alarming development. While it's good that Google eventually shut the activity down, this is a new wrinkle in the cryptocurrency craze that internet gatekeepers will have to better protect against in the future.
Adam Rosenberg is a Senior Games Reporter for Mashable, where he plays all the games. Every single one. From AAA blockbusters to indie darlings to mobile favorites and browser-based oddities, he consumes as much as he can, whenever he can.Adam brings more than a decade of experience working in the space to the Mashable Games team. He previously headed up all games coverage at Digital Trends, and prior to that was a long-time, full-time freelancer, writing for a diverse lineup of outlets that includes Rolling Stone, MTV, G4, Joystiq, IGN, Official Xbox Magazine, EGM, 1UP, UGO and others.Born and raised in the beautiful suburbs of New York, Adam has spent his life in and around the city. He's a New York University graduate with a double major in Journalism and Cinema Studios. He's also a certified audio engineer. Currently, Adam resides in Crown Heights with his dog and his partner's two cats. He's a lover of fine food, adorable animals, video games, all things geeky and shiny gadgets.
