Youtube definitely has more than 20 users at any given time, and they spend hours on the site.
Versions of both Coinhive’s miner as well as a modified copy with different mining pool addresses appeared inside the HTML code for Youtube’s adverts that run on the right-hand sidebar, and more than half of all the incidences reported by antivirus vendors link to the same XMR wallet. Researchers from Trend Micro reported last week that the adverts drove up the reports of browser-based crypto miners threefold, and the targets were users in countries like Japan, France, Taiwan, Italy, and Spain.
What’s even more fascinating is how the miners got around Coinhive’s fees structure. Using a random number generator that rolled with each user visit to a channel with the advertisment running, 80% of the time the miners were using Coinhive’s native miner, and 20% of the time were mining into their own private pool to pay off Coinhive’s fees and incur no profit losses.
Browser-based cryptomining will eventually be how we pay for the internet and avoid advertising that tracks us everywhere, but for now the malicious parties putting this out there will be able to reap the rewards of lax security through the websites that serve their adverts. If you’re a system admin, check out Trend Micro’s report, which includes a list of URLs that you can block to stop the advert from running on user’s systems.