As the popularity of digital currencies continues to grow, so do online phishing activities. In the past, we have seen crypto miners lure visitors on different websites with catchy advertisements and schemes, taking undue advantage of the visitor’s computational power for the mining process. Such attacks not only reduce the computational power available on one’s machine, they also pose a big threat to the visitor’s private data.
According to a report submitted by Ars Technica on Jan. 26, a new case of “cryptojacking” was detected on YouTube and has reportedly been resolved by parent company Google over the course of the weekend. The report shows that hackers successfully managed to run different ads on YouTube that would consume the visitor’s CPU power and electricity in order to mine cryptocurrencies.
The first to spot this problem were researchers from antivirus company Trend Micro. In a blog post on Jan. 26, they reported that they “detected an almost 285 percent increase in the number of Coinhive miners on January 24,” but had “started seeing an increase in traffic to five malicious domains on January 18.”
The report also shows that the attackers succeeded in placing mining malware in YouTube ads through the Google DoubleClick advertising platform. The countries that were major targets of the attackers include Japan, France, Italy, Spain and Taiwan. An Italian web designer, Diego Betto, tweeted last Thursday: “Hey @avast_antivirus seems that you are blocking crypto miners (#coinhive) in @YouTube #ads Thank you :).”
— Diego Betto (@diegobetto) January 25, 2018
After thoroughly analyzing the cause of this ‘malware advertisement’, the specialists identified two different miner scripts along with one that shows the advertisement using DoubleClick. The webpage tricks users by showing legitimate advertisements. Meanwhile, “the two web miners covertly perform their tasks” while visitors remain unaware of these proceedings.
“We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices”, explained Trend Micro.
Coinhive is a controversial browser-based mining operation used by some website operators to earn income. However, for a website to do so, it is mandatory to ask visitors for permission and inform them that their computational power will be used to earn money for the website.
One way for website visitors to avoid becoming victims of such hacking is to run specialized software; at the very least, one can run an ad blocker or script blocker in the browser.