YouTube has recently been targeted by a group of enterprising hackers that apparently found a way to insert mining scripts within video ads. The code would basically let the hackers use up to 80 percent of a viewers CPU power to mine bitcoins and other cryptocurrencies. By simply watching an advertisement with the malicious script or by clicking on a specific YouTube advert link, a viewer is unknowingly giving the hackers full access to their device’s computing power, which is then used to mine for the valuable digital coins.
According to Ars Technica, The hack, or Cryptojacking as it is currently being referred to, was first detected last week when a number of YouTube users reportedly filed complaints regarding how simply watching YouTube adverts was triggering their antivirus software. According to a recent blog post from Trend Micro, an antivirus and security software company, the cyberattacks apparently utilized a type of mining software from Coinhive. The company also identified the majority of where the traffic comes from, which is reportedly from a Google-owned subsidiary company called DoubleClick Advertisement. Trend Micro also published its finding online and revealed that there are specific countries that are being targeted by the new modus operandi, which includes Japan, France, Taiwan, Italy, and Spain.
Unauthorized browser-based cryptocurrency mining isn’t really something new as several plug-ins and websites, including Pirate Bay and other torrent sites, have already been caught utilizing this method to earn extra income from incoming traffic. Some developers believe that the practice may one day eliminate ads on websites and videos altogether, as doing so without a visitor’s prior consent would essentially be tantamount to theft. In the case of YouTube, the malicious script basically utilizes a big majority of a user’s computing power, resulting in possible hardware damage or a complete system crash.