YouTube Ads With Hidden CPU-Draining Crypto-Mining Scripts Spotted
Even with YouTube and Google thoroughly policing its online services for malicious ads, a few bad ones are still making it through. Ads on YouTube with hidden crypto-mining scripts have been spotted draining the CPU of users.
Google claimed that it has already moved to clear these ads, though, as they said in an email response directed at Ars Technica's report.
"Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we've been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms," a Google spokesperson wrote.
The ad in question was triggering alarms in antivirus programs, which, as of late, has included features to detect these crypto-mining scripts. If left unchecked, these scripts will cause massive slowdowns and increased CPU loads until the offending tab or tabs are closed.
Trend Micro has confirmed these sightings in their blog post on Friday, Jan. 26, attributing these abusive ads to a "malvertising campaign" aimed at Google's DoubleClick ad delivery service. The ads make use of Coinhive, a popular Javascript-based miner used to mine Monero-based cryptocurrencies.
"We detected an almost 285% increase in the number of Coinhive miners on January 24," Trend Micro announced, adding that at least five domains have been linked to these malicious DoubleClick ads no later than Jan. 18.
Users may not be able to avoid the ads altogether when visiting YouTube, but one way to block them is by using Javascript from browsers.
It would seem that Google has been a prominent target for crypto mining hijackers, with their Chrome browser being targeted by extensions that run secret mining scripts, as well.