Email
Password
Remember meForgot password?
    Log in with Twitter

article imageGoogle admits YouTube hosted malicious crypto-mining ads

By James Walker     Jan 29, 2018 in Technology
Google's said it's developing new techniques to detect malicious crypto-mining adverts after YouTube was caught displaying them to unsuspecting users. Ad-based miners are a new form of malware that generate revenue while slowing down the user's device.
Mining Monero
The malvertising campaign was detailed by security firm Trend Micro in a blog post late last week. It was large enough to create a temporary tripling in the number of active Coinhive miners. Coinhive is a service which provides JavaScript cryptocurrency mining scripts that can run inside web browsers.
Analysis of the surge in traffic revealed it was originating from adverts hosted on Google's DoubleClick network that were displayed alongside YouTube videos. As unknowing users browsed the site and watched content, the ads silently mined coins of the Monero cryptocurrency for the attackers. It's impossible to determine how many coins the campaign could have mined.
The scripts were configured to use up to 80% of the device's CPU power, implying the attacker was trying to avoid detection. Because cryptocurrency mining is a performance-intensive operation, the user is likely to notice significant performance slowdowns on their device. The processor throttling prevents the script from consuming all the device's resources, which could mitigate some of the slowdowns and prevent the user from noticing.
"Multi-layered detection"
Ads that employ cryptocurrency mining scripts to create revenue are a new form of attack that first gained attention last year. Streaming services such as YouTube are ideal targets because users tend to spend a long time on each page. While watching a YouTube video, an ad could be displayed uninterrupted for multiple minutes at a time, maximising coin production.
In a statement to Ars Technica last week, Google confirmed the breach of YouTube's ad policies and said it's taking steps to prevent future similar campaigns. The company claimed it removed the ads "in less than two hours," although it hasn't clarified the timeline of events.
READ NEXT: Report: Microsoft building new "modern" Windows 10 version
"Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we've been monitoring actively," said Google. "We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms."
The soaring value of cryptocurrencies last year has helped make mining scripts into an attractive form of attack for hackers. Well-crafted campaigns can avoid the user's attention entirely while generating substantial revenue.
There are steps users can take to prevent the activity, such as installing a browser security extension. This can help to minimise the attack's impact and prevent websites from consuming excessive resources.
More about YouTube, cryptocurrency, cryptocurrency mining, Cybersecurity, cryptojacking
 
Latest News
Top News