Crypto-Mining Malware Hits YouTube’s Ad Network

Online phishing and the spread of malware by online miscreants have reportedly increased ever since the crypto craze started exploding. Whether or not you are involved in any sort of crypto-related activity, you need to remain extremely careful while browsing content online.

In yet another incident of crypto-malware last week, Ars Technica reported on Jan 26 that a new “cryptojacking” malware had recently hit YouTube’s Ad Network. As per the report, rogue malware was injected into YouTube’s DoubleClick ad network, designed to consume 80 percent of the user’s CPU power, along with electricity, in order to mine the “Monero” cryptocurrency. The only good thing about this was that it did not steal user data or harm the computer in other ways.

As soon as this came to Google’s notice, the tech giant was quick to act and resolved the matter over the course of the weekend. Google told Ars Technica that "[i]n this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms."

Trend Micro, an antivirus maker, was the first to report this issue. In its blog post on Friday, Jan 26, the company stated that it had "detected an almost 285 percent increase in the number of Coinhive miners on January 24," but had "started seeing an increase in traffic to five malicious domains on January 18."

The issue later came into the limelight as many other users started talking about it on social media, reporting that their antivirus programs were flagging suspicious mining code in the ads placed on YouTube. Italian web designer Diego Betto tweeted last Thursday (Jan. 25): "Hey @avast_antivirus seems that you are blocking crypto miners (#coinhive) in @YouTube #ads Thank you :)"

Coinhive, which carries a legitimate status as a browser-based cryptocurrency-mining operation, is well known for its notoriety in the past, and this time too it was behind the malware injection. Security specialists say that two different Coinhive scripts were spotted, along with one that shows advertisements using DoubleClick.

The webpages deceived visitors by showing authentic advertisements while "the two web miners covertly perform their tasks". Trend Micro explained: "We speculate that the attackers' use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices."

Some of the major countries whose users were affected by the malware include Japan, France, Taiwan, Italy, and Spain.

With crypto trading activity increasing, users need to remain alert to any such malware. This malware was not especially destructive in terms of jeopardizing user data, but not every piece of malware will be the same in the future.

Online visitors are requested to shield their browsing activities with proper antivirus software.