Mining cryptocurrency at the expense of other people’s resources, without their knowledge, is not a virtuous way of generating money, but it is becoming extremely popular among hackers looking for a passive source of income. It came to light last year when the popular torrent site ThePirateBay was found siphoning visitors’ CPU power, and later when several WordPress-based e-commerce sites were found to host the crypto-jacking script CoinHive.
Now, the problem seems to have found its way deep into the mainstream, using YouTube as a hotbed for its mischief. Ars Technica spotted a wave of users complaining about their YouTube experience being hindered by anti-virus software. As it turns out, the anti-virus apps deployed by these users identified YouTube ads as malicious CoinHive scripts used for mining cryptocurrency without the user’s knowledge.
Researchers at Trend Micro confirmed a three-fold increase in the detection of mining scripts once online ads were brought into the circle of suspects. A blog post noted that the hackers behind this rampage were abusing Google’s DoubleClick ad network and targeting select countries including Japan, Taiwan, France, Spain, and Italy. Trend Micro discovered two different JavaScript miners based on CoinHive, drawing up to 80% of the CPU power from attacked machines and mining Monero.
Although Google said that the malicious YouTube ads were contained “in less than two hours”, Trend Micro’s report and social media posts show that ads containing the mining script ran for as long as a week. It is not possible to determine how much the hackers made off with. The script also displayed unmistakably fake ads that urged visitors to download anti-virus programs.
Unauthorized crypto mining has become a serious problem that drains users’ computing and electric power, and it is growing even as users become more wary about which online ads to avoid. Opera recently took a firm stance on the issue by adding a blocker for crypto-jacking scripts to its desktop and mobile browsers.