'Drive-by' cryptomining code was discovered in YouTube ads this week

By Polycount · 12 replies
Jan 27, 2018
  1. "Cryptojacking" is nothing new but it has begun to pick up more steam in recent months. For the unaware, cryptojacking typically involves unscrupulous website owners or advertisers using JavaScript code to take advantage of a website visitor's CPU power to mine cryptocurrency in the background, without their knowledge or consent.

    The Pirate Bay was one of the first websites of note to contain this sort of code but its use has only become more common over time. Indeed, the problem has become so pervasive in certain parts of the internet that web browsers such as Opera have received new features specifically designed to mitigate or eliminate these issues -- usually in the form of ad blocking filters.

    While simply avoiding sketchy sites to begin with might seem like the obvious solution, the issue becomes more complicated when this code starts to appear on bigger, more well-known sites like Showtime or even YouTube.

    This past week, YouTube viewers' antivirus programs began to alert them to the presence of cryptocurrency mining code throughout the website, specifically within YouTube's advertising code. Naturally, this led to some users hopping on Twitter to voice their concerns.

    Researchers from antivirus company Trend Micro said these ads resulted in "more than a three-fold spike" in web miner detection stats. The company also said the individuals behind the ads seemed to be targeting YouTube visitors in specific countries, such as France, Taiwan, Italy, Spain and Japan.

    "YouTube was likely targeted because users are typically on the site for an extended period of time," security researcher Troy Mursch said in a statement. "This is a prime target for cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made."

    This may not seem like a significant issue but background miners can hog quite a bit of a given system's computing power if left unchecked, as much as 80 percent according to Trend Micro.

    Google issued the following statement on the matter:

    Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.

    As Ars noted, evidence supplied by Trend Micro seems to contradict Google's statement. The antivirus company has shown several examples of these ads being in place for the better part of a week, which is certainly longer than the two hours Google claims it took to shut the scheme down.

  2. davislane1

    davislane1 TS Grand Inquisitor Posts: 5,162   +4,241

    I demand YouTube send me another 1080ti for this gross negligence in advertising security.
     
  3. Polycount

    Polycount TS Guru Topic Starter Posts: 929   +211

    They probably can't afford the $1500 it would cost to buy one.
     
    Reehahs and davislane1 like this.
  4. davislane1

    davislane1 TS Grand Inquisitor Posts: 5,162   +4,241

    All they have to do is demand content creators with more than 2 fork one over or face further demonetization. They'll comply.
     
  5. QuantumPhysics

    QuantumPhysics TS Addict Posts: 198   +118

    I don't leave my computer running long enough to help them use it.
     
  6. captaincranky

    captaincranky TechSpot Addict Posts: 13,724   +3,143

    I'm running an Intel G-41 board with the stock IGP. I'm wondering how much mining could this rig accomplish?
     
    Last edited: Jan 27, 2018
  7. alabama man

    alabama man TS Guru Posts: 483   +297

    Ads have no benefit to anyone and they seem to be harmful as well. Maybe it's time to ban all ads. Or at least make them text based and limited to 20 letters; product name and what it does. And make lying illegal, that would fix most problems. You can use science to prove stuff if not your product is based on a lie.
     
  8. psycros

    psycros TS Evangelist Posts: 2,132   +1,645

    And by "content creators" you mean miners.
     
  9. Evernessince

    Evernessince TS Evangelist Posts: 2,798   +1,930

    I think there would be more consequences to you going against google for it to be worth it. They own so much now and they have so much money anything but a class action is just going to get snuffed out by their lawyers. Even then that doesn't stop them from banning you from google services.
     
  10. Potato Judge

    Potato Judge TS Booster Posts: 137   +62

    Lol.. People will do anything to get a piece of that mining pie.
     
  11. Icysoul

    Icysoul TS Enthusiast Posts: 39   +13

    For now, these malicious ads are using the CPU for mining, not the graphics card.
     
  12. captaincranky

    captaincranky TechSpot Addict Posts: 13,724   +3,143

    Well, with an ancient Pentium Dual Core E-6300 in this "beast", I don't think I have too much to worry about in that department either.

    While I was being a bit whimsical about my graphics card's memory bandwidth, you bring up a fair point. All I have to do is listen for the CPU fan to speed up and/or leave Task Manager running throughout my online activities to see what's going on.

    Even so, were this machine to be attacked, you couldn't get a nickel's worth of Bitcoin out of it, even if I stayed on the site for a month and a half.

    But, this issue does pose the question as to whether or not, "coinhive", is detectable as a running process?
     
    Last edited: Jan 28, 2018
  13. wiyosaya

    wiyosaya TS Evangelist Posts: 2,754   +1,321

    It's probably gagme that put the cryptominers in the ads in there in the first place.
     
