Malicious YouTube Ads Mine Monero Using Viewers’ Computers

The concept of in-browser mining scripts has garnered a bit of a bad reputation over the past few months. No one likes the idea of someone else using their CPU to mine cryptocurrencies without consent. It now seems this trend is expanding via YouTube. More specifically, the video platform is displaying ads which use visitors’ CPUs to generate digital currency. It is a very worrisome development that will anger a lot of users.

Is YouTube Now Mining Crypto?

It is evident there is growing interest in mining cryptocurrencies with someone else’s computer and computing resources. This has been going on for quite some time now, and it seems things will not be improving anytime soon. Injecting cryptocurrency mining scripts into YouTube ads is a clever trick, but it’s also one of the more worrisome developments in recent weeks.

According to a recent Ars Technica article, multiple users have reported these annoying YouTube advertisements. It is unclear where the ads came from or who managed to get them on YouTube. Considering that this video platform continues to gain popularity all over the world, it is only normal that it will attract the attention of criminals as well. Purposefully inserting such scripts in advertisements displayed on the platform is rather troublesome, although it seems most of these ads have been removed.

Most of the advertisements in question contained hidden code related to the Monero browser mining scripts we have seen over the past few months. Changing between browsers made no major difference, which indicates that the script used was rather versatile and professional. It is uncanny how far some people are willing to go when it comes to making money, although this attempt is by far one of the more brazen that we have seen to date.

Trend Micro investigated these reports and noticed that the ads resulted in 300% more web miner detections. It seems the code made its way onto YouTube by exploiting Google’s DoubleClick ad platform. More specifically, the criminals successfully targeted countries in which YouTube is especially popular, including Japan, France, and Spain. All of the advertisements contained JavaScript, which is what mines Monero using other people’s computing resources.

Surprisingly, nine out of ten of these ads used the Coinhive mining script, whereas the remaining one utilized a private JavaScript mining script. Said script was more lucrative for the attackers, as it removed the reliance on Coinhive altogether. Considering that Coinhive charges a 30% cut of all mining profits, it is only normal that there would be an interest in coming up with ways to eliminate the middleman.

It is evident that we will see more efforts like these in the future. Now that some people have found a way to integrate cryptocurrency mining scripts into YouTube ads, it’s not unlikely that other video streaming platforms will be affected as well. We can only hope such issues are thwarted within 2 hours, as happened in this case. At the same time, some users complained that these advertisements remained online for over a week. Web-based cryptocurrency mining has quickly taken a turn for the worse, but this is not the last we will hear regarding this development.