Cryptocurrency miners in YouTube ads

February 5, 2018

More often than not, people knowingly install miners on their computers in an attempt to cash in on the cryptocurrency craze. However, in 2017, attackers got the idea of planting hidden miners in other people’s computers through special malware loaders with the goal of earning more by feeding off someone else’s hardware and electricity.

Next, the shrewd extractors of cost-free cryptocurrency learned how to embed otherwise harmless scripts (Web miners) in websites, and to make use of multiple victims’ computers without having to install malware on each of them. That way, they maximized the number of victims, which also included smartphone users.

Now, cybercriminals have come up with a new scheme: Instead of embedding mining scripts in the code of a website, some bright spark decided to embed them in YouTube ads and thus spread them across multiple pages and videos without the attackers having to do anything.

How mining through advertising works

The key point is that JavaScript code can be embedded in ads. Usually it’s done to create interactivity (“Click to shoot down the plane!”, for example) or to track user behavior (“So-and-so watched cat videos for 10 minutes, so next time show cat food ads”). But there’s nothing to prevent cybercrooks from similarly embedding JavaScript Web miners, the most notorious being Coinhive.

Anyway, the basic mechanism is the same whatever the Web miner: You go to the site and play a video, and then your computer starts generating cryptocurrency for the script’s “providers” — and everything on your end is horribly sluggish as a result.
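
One way a defender could triage an ad creative's markup for the embedded Web miners described above; this is an added example, not code from the original article. The host list, trait heuristics, function names and sample creatives are assumptions constructed for illustration, with only the Coinhive name taken from the article.

```javascript
// Added example: static triage of an ad creative's HTML for Web-miner traits.
// MINER_HOSTS is a sample list (assumption); Coinhive is the miner the article names.
const MINER_HOSTS = ["coinhive.com"];
// Heuristic traits of in-browser miners, not signatures (assumed for illustration).
const TRAITS = [
  { name: "wasm", re: /WebAssembly\.(instantiate|compile|Module)/ },
  { name: "workers", re: /new\s+Worker\s*\(/ },
  { name: "cpu-count", re: /navigator\.hardwareConcurrency/ },
  { name: "miner-api", re: /CoinHive\.(Anonymous|User|Token)\s*\(/ },
];
// Constructed sample creatives, not captured from a real campaign.
const BENIGN_AD = '<div id="ad"><script>document.getElementById("ad").onclick=()=>open("https://example.com")</script></div>';
const MINER_AD = '<script src="//coinhive.com/lib/coinhive.min.js"></script><script>new CoinHive.Anonymous("PLACEHOLDER_KEY")</script>';

// Pull external script URLs and inline script bodies out of the markup.
function extractScripts(html) {
  const srcs = [], inline = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    if (src) srcs.push(src[1]);
    if (m[2].trim()) inline.push(m[2]);
  }
  return { srcs, inline };
}

// Resolve relative and protocol-relative URLs against a dummy base.
function hostOf(url) {
  try { return new URL(url, "https://creative.invalid/").hostname.toLowerCase(); }
  catch { return ""; }
}

function triageCreative(html) {
  const { srcs, inline } = extractScripts(html);
  const reasons = [];
  for (const s of srcs) {
    const h = hostOf(s);
    if (MINER_HOSTS.some(b => h === b || h.endsWith("." + b))) reasons.push("host:" + h);
  }
  const code = inline.join("\n");
  const hits = TRAITS.filter(t => t.re.test(code)).map(t => t.name);
  if (hits.includes("miner-api")) reasons.push("api:CoinHive");
  // WebAssembly plus a worker pool sized to the CPU count is the typical miner shape.
  const shape = ["wasm", "workers", "cpu-count"].filter(n => hits.includes(n));
  if (shape.length >= 2) reasons.push("shape:" + shape.join("+"));
  return { verdict: reasons.length ? "review" : "pass", reasons };
}
```

Static matching misses obfuscated or dynamically loaded code, so a "pass" here only means no known trait was found; the "review" verdict is meant to route a creative to a human or a sandbox, since legitimate scripts also use workers.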

What’s more, the cybercriminals even have the cheek to offer fake antivirus solutions in banners containing the hidden miner. After clicking on the banner and downloading the program, the user gets infected instead of protected.

It’s no accident that hosted videos have become a favorite attack platform. First, as we already said, the mechanism for displaying ads on a site does most of the attackers’ work for them in terms of distribution. By the way, a curious fact: Web-mining cybercriminals seem to prefer audiences in France, Spain, Italy, Japan, and Taiwan — it’s in these countries that malicious videos are most prevalent.

Also, people spend a lot of time on YouTube, and the longer the computer works on generating cryptocurrency, the more it will create. Lastly, users trust well-established sites like YouTube, especially now that Google is behind it. So if a video starts acting up, users are more likely to pin the blame on their Internet connection or background software, not problems with video-hosting security.

So your computer is doing a spot of mining for someone else — what’s the big deal? Why not just admire their skill and let the cybercriminals earn a couple of cryptocoins?

Well, for one thing, you’re wasting electricity and having your enjoyment spoiled while making someone else rich. Is that what you want? Second, when your computer’s on its last legs with smoke pouring from its vents, will you praise the invention of cryptocurrency or curse it?

If someone is mining on your machine without your knowledge, that’s bad news, and it could get worse. Want to use Photoshop to edit some pics while playing your favorite YouTube mix in the background? You (or rather your computer) will get hot just opening the program. Same for games.

Web-mining schemes are getting more sophisticated, but it’s still fairly simple to stay safe. The main thing is to look after computer security and install a decent antivirus solution. Kaspersky Internet Security 2018, for example, can detect such scripts on any website. With it installed, no one can hijack your machine to mine cryptocurrency, let alone deliver Trojans or conventional hidden miners, which are still making the rounds.