The clandestine mining of cryptocurrency is something that we have seen in various forms over the last year or so, in website code and Android apps. A new discovery by security firm Trend Micro shows that hackers have found a way to inject Coinhive mining code into ads that appear on YouTube.
The clandestine mining of cryptocurrency is something that we have seen in various forms over the last year or so, in website code and Android apps. A new discovery by security firm Trend Micro shows that hackers have found a way to inject Coinhive mining code into ads that appear on YouTube.
The crypto-jacking technique means that hackers have been able to profit by using other people’s CPU time to mine the Monero cryptocurrency while they watch videos. Trend Micro reports that there has been a huge increase in Coinhive web miner detections in recent days, with hackers abusing Google’s DoubleClick to distribute the code through big site including YouTube.
See also:
Trend Micro says that over the last week there has been a threefold increase in the JS_COINHIVE. GN Coinhive miner. The company says that «advertisements found on high-traffic sites not only used Coinhive […] but also a separate web miner that connects to a private pool,» an explains that it shared its finding with Google.
Writing about its finding in a blog post, Trend Micro explains:
The impact of the crypto-miners was far from insignificant — they had been configured to use 80 percent of CU resources for mining purposes. By using an obfuscated private miner, the hackers were also able to bypass Coinhive’s commission fee.
Trend Micro recommends blocking Javascript to prevent issues like this from arising, but Google has already taken action against the problematic ads.
Image credit: Ryzhi / Shutterstock
