Cryptocurrency miners concealed in banners: YouTube is also targeted
Last week a series of banners containing crypto-mining scripts circulated on YouTube, most of them based on the much-discussed service offered by Coinhive.
The plague of cryptocurrency miners hidden in banner ads has also hit YouTube, which was targeted last week. The first signs came from a series of complaints posted on social media by various users, who were alerted by antivirus notifications indicating the presence of a web miner when they visited the popular video-sharing site.
Trend Micro researchers noted that the campaign's authors took advantage of Google's DoubleClick platform to show malicious ads to visitors in some countries, including Japan, France, Taiwan, Spain, and Italy.
In nine cases out of 10, the advert used the Coinhive script, which we have already talked about in recent months. It offers subscribers the opportunity to profit by mining Monero with the energy and computing resources of third-party systems, unbeknownst to their legitimate owners.
In the remaining 10% of cases, the researchers found a script connected to a private mining pool, separate from Coinhive's, which allows the attackers to pocket the entire amount generated by the mining activity, whereas Coinhive retains a 30% commission. Both scripts are programmed to consume up to 80% of the targeted system's computing capacity, leaving free only the resources necessary for basic operation.
“Cryptocurrency mining through advertisements is a relatively new form of abuse that violates our rules, and that we are actively monitoring. We apply our rules through a multi-tiered detection system between our platforms, which we update as new threats emerge. In this case, the ads were blocked in less than two hours, and malicious actors were quickly removed from our platforms,” a Google spokesperson explained to Ars Technica.
These statements do not seem to match the facts precisely: the evidence collected by Trend Micro and the user complaints on social networks show that advertisements containing JavaScript miners circulated for about a week.
In any case, sites that offer video content seem to be the most attractive targets for this type of malvertising campaign, since it is precisely on these sites that users tend to spend more time, giving the campaign authors the chance to maximize their illicit profit.