Now even YouTube ads use CPU viewers to dig virtual money

YouTube has recently been exposed to displaying advertisements to take advantage of video viewers to dig virtual money for anonymous attackers. This news quickly spread.

Around Tuesday, users complained when their antivirus program found a code to dig virtual money when visiting YouTube. Alerts also appear when they change their browser and appear to be limited by the number of times users turn on YouTube.

On Friday, researchers using Trend Micro said that advertising made the number of mining tools discovered on the web tripled. They said the attacker behind advertising took advantage of Google DoubleClick to show promo. report for YouTube users in some countries such as Japan, France, Taiwan, Italy and Spain.

Advertising contains JavaScript Monero virtual money digging. 9 out of 10 cases use Coinhive's available JavaScript snippet, a controversial virtual money digging service that allows secretly using other people to profit.

The remaining 10% of ads use separate JavaScript to retain 30% for Coinhive. Both types of scripts consume up to 80% of the viewers' CPU and leave only a little bit of work.

Now even YouTube ads use CPU viewers to dig virtual money Picture 1
There are JavaScript scripts digging virtual money on YouTube ads

'YouTube is easily targeted because users often access it for a long time,' said researcher Troy Mursch. 'It's a good bait for malware to dig virtual money because the longer the user is on the page, the more bad guys will earn.' Mursch said the September campaign to exploit the Showtime website to install virtual money digging ads is another example of an attacker targeting video sites.

In some cases, malicious JavaScript snippets also come with ads for antivirus software, tricking users into installing malware.

Now even YouTube ads use CPU viewers to dig virtual money Picture 2
Ads trick users into installing malware

The ad above was analyzed by Trend Micro and posted on a social network, digging Monero for a person with the key on Coinhive is h7axC8ytzLJhIxxvIHMeC0Iw0SPoDwCK. Don't know how much this user has earned. Trend Micro said that the campaign started on January 18.

As the problem of taking advantage of the user machine to dig up virtual money on the web is increasing, antivirus software has begun to warn when it detects a virtual money digging script on the website and allows users to block this behavior. No matter how much power and CPU CPU you have, there is no sign of ransomware or other malware on the user's computer, as long as they don't download anything.

See more:

1. The Chrome gadget secretly exploits virtual money, making it slow
2. How to block websites using your CPU to dig virtual money
3. Malicious ads dig virtual money right on the browser