Hackers misusing YouTube ads to inject CPU-draining cryptocurrency miners

Unauthorised cryptocurrency mining is a new trend that is targeting browsers and now popular platforms like YouTube.

| Updated on: Jan 27 2018, 15:10 IST
Hackers abuse Google’s DoubleClick ad platform to inject cryptocurrency miners
Hackers abuse Google’s DoubleClick ad platform to inject cryptocurrency miners (REUTERS)
Hackers abuse Google’s DoubleClick ad platform to inject cryptocurrency miners
Hackers abuse Google’s DoubleClick ad platform to inject cryptocurrency miners (REUTERS)

Hackers are misusing Google's DoubleClick ad platform on YouTube to access users' computers to mine cryptocurrency, security research firm Trend Micro reported on Friday.

The firm reported that the number of Coinhive web minor detections had grown three-fold through a malvertising campaign.

"We discovered that advertisements found on high-traffic sites not only used Coinhive (detected by Trend Micro as JS_COINHIVE.GN), but also a separate web miner that connects to a private pool. Attackers abused Google's DoubleClick, which develops and provides internet ad serving services, for traffic distribution," said the firm in a blog post.

According to the report, users in countries like Japan, France, Taiwan, Italy and Spain were affected.

"We detected an almost 285% increase in the number of Coinhive miners on January 24. We started seeing an increase in traffic to five malicious domains on January 18. After closely examining the network traffic, we discovered that the traffic came from DoubleClick advertisements," said the Trend Micro report.

Masquerading as genuine ads

Security researchers found that the hackers were using two different web miner scripts and one more that showed ads from Google's DoubleClick platform. The infected web page served the ad as a genuine one whereas the other scripts covertly accessed the device's resources.

Google's response

Google acknowledged that misusing of its ad platforms for mining cryptocurrency was a new challenge for the company.

"Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we've been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms," Google said in a statement to ArsTechnica.

Why miners are using others' devices?

While users can always purchase and sell crypto currencies online, they can also mine it. The process is a bit tedious and slow. Mining crypto currencies at a larger scale will require stress on machine resources and high maintenance. Distributing the effort will allow hackers to mine the crypto currency with lesser resource drain and most probably is a faster mechanism to mine.

What should users do?

Trend Micro suggests that users should block JavaScript-based applications running on browsers.

"Regularly patching and updating software—especially web browsers—can mitigate the impact of cryptocurrency malware and other threats that exploit system vulnerabilities," the firm added.

One can also consider using Opera browser that recently added Bitcoin mining protection feature to prevent "cryptojacking" or "cryptocurrency mining."

Follow HT Tech for the latest tech news and reviews , also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 27 Jan, 15:09 IST