Malicious YouTube ads have been using your CPU power to mine cryptocurrency

Vaughn Highfield January 29, 2018

Cryptocurrencies have been a hot topic of late, largely due to the crazy price inflation Bitcoin has seen over the past few months.

Malicious YouTube ads have been using your CPU power to mine cryptocurrency

As more eyes hit the cryptocurrency space, so have more opportunists wanting a slice of the pie. And now, thanks to those folks, it’s been revealed that malicious YouTube ads were being placed to suck viewer’s CPU power to help mine cryptocurrencies.

Antivirus software provider TrendMicro first reported that some YouTube ad space had been hacked and was being used to take advantage of a viewer’s CPU. The hackers were making use of Google’s own DoubleClick ad network to distribute the adverts to YouTube users in select countries around the world.

Interestingly, the code to perform such a task appears to be an off-the-shelf option from Coinhive. The company claims its product can help you “monetise your site visitors” by essentially sucking their CPU power and putting it into mining cryptocurrencies. The script running on YouTube was used to mine Monero, a coin that’s said to be merging with Litecoin and is thus a lucrative and easy to mine currency.

As Ars Technica points out in its report, the Coinhive script is only active 90% of the time, with the remaining 10% utilising a custom JavaScript that does the same process but avoids giving Coinhive the 30% cut it demands. With both processes running, the YouTube ad is set to suck 80% of a visitor’s CPU, meaning it barely has enough left to function and run the YouTube video in question.

If you’re wondering if this has affected you, it’s said that many of the ad blocks shown were entirely blank or instead offered up links to fake antivirus programs. You’d also be rather aware of how much slower your PC was running while on YouTube.

Thankfully, the adverts weren’t running for too long. TrendMicro states that they first appeared on 18 January, but Google tackled the problem within a couple of hours of discovering the issue. Even so, Google didn’t jump on it straight away and it’s believed the ads ran for a little less than a week.

“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively,” a Google spokesperson said on the matter. “We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”

YouTube makes for quite a nice target for cryptominers to utilise as it’s a high-traffic website that also sees users spending a long time on each page. Compared to the likes of an online retailer, people aren’t navigating away as often, nor are they as likely to be jumping between multiple tabs. They’re also unlikely to notice a dip in computer performance if they’re simply streaming video for ten minutes at a time.