Google Shuts Down Hackers Using YouTube Ads To Mine Cryptocurrency

YouTube has recently been targeted by a group of enterprising hackers that apparently found a way to insert mining scripts within video ads. The code would basically let the hackers use up to 80 percent of a viewers CPU power to mine bitcoins and other cryptocurrencies. By simply watching an advertisement with the malicious script or by clicking on a specific YouTube advert link, a viewer is unknowingly giving the hackers full access to their device’s computing power, which is then used to mine for the valuable digital coins.

According to Ars Technica, The hack, or Cryptojacking as it is currently being referred to, was first detected last week when a number of YouTube users reportedly filed complaints regarding how simply watching YouTube adverts was triggering their antivirus software. According to a recent blog post from Trend Micro, an antivirus and security software company, the cyberattacks apparently utilized a type of mining software from Coinhive. The company also identified the majority of where the traffic comes from, which is reportedly from a Google-owned subsidiary company called DoubleClick Advertisement. Trend Micro also published its finding online and revealed that there are specific countries that are being targeted by the new modus operandi, which includes Japan, France, Taiwan, Italy, and Spain.

Bitcoin Mining Hack

Google also issued its own statement and informed all of its users that it has already dealt with the problem. According to a Google representative, the malicious ads have apparently already been blocked and all of the associated accounts have been removed. Google reportedly utilized a two-hour detection method that closely monitored any newly submitted ads. Hackers usually upload a clean advert for validation, which they then swap with a similar ad that contains a malicious JavaScript as soon as the initially submitted ad goes live.

Unauthorized browser-based cryptocurrency mining isn’t really something new as several plug-ins and websites, including Pirate Bay and other torrent sites, have already been caught utilizing this method to earn extra income from incoming traffic. Some developers believe that the practice may one day eliminate ads on websites and videos altogether, as doing so without a visitor’s prior consent would essentially be tantamount to theft. In the case of YouTube, the malicious script basically utilizes a big majority of a user’s computing power, resulting in possible hardware damage or a complete system crash.