Skip to main content

Malicious ads on YouTube were used to mine cryptocurrency with viewers’ CPU

After watching Bitcoin surge to insane prices just a few weeks ago, people everywhere have a heightened awareness of cryptocurrency. As such, some websites have been looking to cash in on the tech by using advertisements to take advantage of the power of visitors’ CPUs to mine cryptocurrency. Now, it’s been discovered that attackers were using YouTube to do just that.

As ArsTechnica reports, it was recently discovered by anti-virus provider TrendMicro that some YouTube ad space had fallen to hackers taking advantage of viewers’ CPUs. Apparently, these attackers were using Google’s DoubleClick ad network to display these ads to YouTube users in select countries globally, including Japan, France, Taiwan, Italy, and Spain.

The code used to do this was apparently from Coinhive, a popular provider for this type of technology. The scripts were being used to mine the cryptocurrency Monero, a digital coin that has been rumored to merge with Litecoin. As Ars states, Coinhive has proven very controversial.

[Coinhive] allows subscribers to profit by surreptitiously using other people’s computers. The remaining 10 percent of the time, the YouTube ads use private mining JavaScript that saves the attackers the 30 percent cut Coinhive takes. Both scripts are programmed to consume 80 percent of a visitor’s CPU, leaving just barely enough resources for it to function.

YouTube is certainly an ideal platform for this type of technology for the obvious reason that people will typically spend more time on a page on YouTube. The more time the ad is shown, the more cryptocurrency it can mine using that CPU. In some cases, the ad blocks were completely blank, but in others, they could show advertisements for fake anti-virus programs.

Trend Micro reported that this started on January 18th, but apparently, Google was aware of the issue as a representative says:

Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.

While the representative states the issue was handled in “less than two hours,” reports show that the ads ran for as long as a week. Hopefully, Google will be able to continue blocking these ads from invading its ad networks.


Check out 9to5Google on YouTube for more news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications