Cybersecurity researchers recently discovered that malicious attackers are now targeting YouTube ads to distribute cryptocurrency mining software. The software is injected without a victim’s knowledge or consent and uses their device CPUs to covertly miner cryptocurrency to the hackers’ profit.
This latest trend was discovered after affected users stated on various social media platforms that their antivirus software detected cryptocurrency mining code after they viewed videos on YouTube.
The cybersecurity firm, Trend Micro discovered the latest cryptojacking technique. According to the firm’s researchers, the targeted ads caused a three-fold spike in major antivirus detection software. The hackers were found to exploit Google’s DoubleClick ad service to exploit users in Spain, France, Italy, Taiwan, and Japan.
In addition, Trend Micro found that the CoinHive script was used in 90% of affected ads. The remaining 10% of ads used a similar code that hackers created themselves, possibly to prevent having to cough up CoinHive’s required 30% commission.
In a blog post, the researchers note that the hacked webpage will still display the correct ad while the cryptocurrency mining script secretly targets the victim’s CPUs. The researchers added that this technique has likely been decided on to target more users and in turn perform the hack more profitably.
Last week, Google confirmed the new suspicious activity while giving a statement to Ars Technica. A Google spokesperson confirmed that the company blocked and removed all malicious actors from their platform within two hours of discovery.
In an official statement, the spokesperson added that cryptojacking using ads is still a new technique that breaches Google’s policies. However, since learning of these new instances, the spokesperson emphasized that the company has increased their monitoring by using a multi-layered detection system over all their platforms.
However, there has been some dispute regarding the spokesperson’s claims of removing the threat actors within two hours of discovery, since Trend Micro’s report confirms that the malicious ads have been active since at least January 18. According to the Trend Micro researchers, there was a 285% spike in CoinHive miners by January 24.
In recent months, cryptojacking has becoming more and more common, especially since cryptocurrencies have become more valuable. Cybersecurity experts have voiced the opinion that the increased tension and hype surrounding cryptocurrency could cause a virtual arms race as hackers are resulting in more desperate measures to claim their share of cryptocurrency.
In the last few months, several websites were discovered to carry a cryptocurrency code, such as UFC, The Pirate Bay, Showtime, and Starbucks. This number is likely only to increase as more and more hackers are eagerly attempting to exploit vulnerable users to get their hands on cryptocurrency.