Google and YouTube Get Conned by Cryptohackers

Google is in bad blood with Youtube for turning passive viewers into cryptocurrency miners. Youtube ads are being used by anonymous hackers to covertly leach off visitors' CPUs and electricity to generate digital currencies like Bitcoin. In case you’re still clueless about cryptocurrencies or the mining process, these amazing facts about Bitcoin might help. The one piece of information you need to know for now is that the creation process of cryptocurrencies is powered by electricity and some hackers are stealing that electricity off your CPU. The issue surfaced earlier this week when anti-virus software of Youtube user raised red flags on some of the Google ads used on YouTube.

Trend Micro, an international cybersecurity company in a blog post on Friday, subjected the hike in web miner detections to a malvertising campaign. The key sources to this malvertising campaign were reported to be Coinhive and another web miner that connects to a private pool. Google is victimized by these hijackers as they exploit “Google’s DoubleClick, which develops and provides Internet ad serving services, for traffic distribution.” The malvertising campaign used by hackers allows them to profit from unwitting users as they watch YouTube videos.

The web domains that are most affected are reported from Japan, France, Taiwan, Italy, and Spain. The increase in traffic to these five malicious domains reportedly surfaced on January 18 and witnessed a hike of 285% in the number of Coinhive miners on January 24. The primary source of this malicious traffic came from  DoubleClick advertisements. Trend Micro in its blog post explains that “The affected webpage will show the legitimate advertisement while the two web miners covertly perform their task.”

Fun Fact: Coinhive was created originally to let website owners harness the processing power of a visitor's computer to mine Monero. As long as the harnessing was transparent and based on mutual consent, Coinhive was a relatively ethical way for website operators to turn traffic into income.

How this whole process works is that the Google ads on Youtube are embedded with a JavaScript code that generates a random number between variables 1 and 101. Whenever the code generates a variable above 10, which is usually the case nine out of ten times, JavaScript code calls out coinhive.min.js to mine and drains out 80% of the CPU power. As for the other 10% of the variables, a private web miner is launched.

Fortunately, the traffic on these corrupted cryptocurrency miners has reduced since 24th January. Yet, in order to safeguard your CPU’s power, users can start by blocking JavaScript-based applications from running on browsers. Make sure to update your software, especially the web browsers regularly to avoid these cryptocurrency-mining services. Although Google is already on its toes to curb these malicious ads, the spread of cryptojacking to YouTube does raise some serious questions on the cryptocurrency craze.