Browser-based cryptomining code found in Youtube adverts

Youtube is one of the most visited websites on the planet, and it’s been constantly targeted by hackers and rogue advertising companies in a bid to try gain access to user data or steal information. Nowadays, that’s not the hot new thing that hackers are into – instead, it’s browser-based cryptocurrency mining through a Javascript-based Monero miner. Mining Monero is still possible, and somewhat profitable on processors, and it’s also possible to hide a Monero miner in an advertisment driven by Javascript. As it turns out, that’s exactly what’s been happening on Youtube for the past few weeks.

Mining Monero (XMR) through Javascript isn’t a new idea, and it’s been made popular thanks to Coinhive (this link is safe), a US-based company that licenses the script and the Monero Javascript API to websites that wish to use it to replace revenue from advertising. According to their calculations, it isn’t going to be lucrative for extremely small blogs and websites to implement. However, anything more than 20 users constantly mining for long periods throughout the day might be enough to make it worthwhile.

Youtube definitely has more than 20 users at any given time, and they spend hours on the site.

Versions of both Coinhive’s miner as well as a modified copy with different mining pool addresses appeared inside the HTML code for Youtube’s adverts that run on the right-hand sidebar, and more than half of all the incidences reported by antivirus vendors link to the same XMR wallet. Researchers from Trend Micro reported last week that the adverts drove up the reports of browser-based crypto miners threefold, and the targets were users in countries like Japan, France, Taiwan, Italy, and Spain.

Monero’s value similarly spiked thanks to the crypto mining taking place on Youtube, possibly driven by the mining groups themselves.

What’s even more fascinating is how the miners got around Coinhive’s fees structure. Using a random number generator that rolled with each user visit to a channel with the advertisment running, 80% of the time the miners were using Coinhive’s native miner, and 20% of the time were mining into their own private pool to pay off Coinhive’s fees and incur no profit losses.

Browser-based cryptomining will eventually be how we pay for the internet and avoid advertising that tracks us everywhere, but for now the malicious parties putting this out there will be able to reap the rewards of lax security through the websites that serve their adverts. If you’re a system admin, check out Trend Micro’s report, which includes a list of URLs that you can block to stop the advert from running on user’s systems.

Source: Ars Technica

Blair Witch Dog
Blair Witch gameplay trailer brings a dog to a witch fight