While the actual value of cryptocurrencies continues to fluctuate, the desire to get rich off decentralised digital money remains at an all-time high.
Sadly we didn’t all have the foresight of 50 Cent, leaving many of us scrambling to figure out what the hell blockchain is so we can start popping bottles and buying F1 cars. For a less law-abiding sort, the current crypto boom means something else entirely: an opportunity to make bank screwing over unsuspecting YouTube viewers.
Antivirus software provider Trend Micro revealed last week that YouTube was displaying malicious ads containing code that covertly leeched off visitors’ processing power to generate the cryptocurrency Monero on behalf of anonymous hackers. The problem was discovered after users began complaining on social media that YouTube ads were triggering their anti-virus software.
The bulk of the ads appeared on Wednesday and affected victims in a handful of countries including Japan, France, Taiwan, Italy and Spain.
An independent security researcher, Troy Mursch, told Ars Technica that YouTube was likely targeted because “users are typically on the site for an extended period of time. This is a prime target for cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made.”
However, Coinhive quickly transformed from an above-board way to monetise internet traffic into a hacking tool for cybercriminals. Attackers have secretly installed the code on thousands of websites to siphon users’ processing power for mining Monero, and many anti-virus providers – including Trend Micro – now consider Coinhive one of the most pervasive malware threats facing the modern internet.
Google, YouTube’s parent company, confirmed the cryptojacking threat and released an official statement about the attack:
“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”
For its part, Coinhive has said it has banned the account that was using its miner in the YouTube ad scheme, but with the crypto frenzy only growing, expect the trend for mining by malware to continue growing with it.