YouTube Ads Let Crypto Hackers Hijack Computers

Even if you don't know what cryptocurrency is, hackers are using YouTube ads to make money off it using your computer.

btckeychain/Flickr

Most of us don’t even know what Bitcoin and cryptocurrency even are, we just know that tech bros worldwide are getting rich off of these things. Turns out that some of them are getting rich off them using our computers.

Tech blog Ars Technica reports that YouTube was allowing ads that leach off your computer to mine cryptocurrency for malicious hackers. An Italian web designer named Diego Betto first noticed that the ads running on the right-hand side of the YouTube display were running malware that hijack a computer’s central processing unit to mine Bitcoin-like cryptocurrencies.

“During normal browsing on YouTube, at some point, the antivirus Avast reported something that was not good,” Betto wrote on his blog. “From the Chrome Inspector it appears that one of the ads is infected and tries to load a crypto miner from Coinhive.”

Respected tech site Trend Micro spells it out in more scholarly terms. “An analysis of the malvertisement-riddled pages revealed two different web miner scripts embedded and a script that displays the advertisement from DoubleClick,” write Trend Micro’s Chaoying Liu and Joseph C. Chen. (DoubleClick is a Google-owned subsidiary that delivers ads to YouTube and many other sites.) “The affected webpage will show the legitimate advertisement while the two web miners covertly perform their task. We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices. The traffic involving the abovementioned cryptocurrency miners has since decreased after January 24.”

Google claims in a response to Ars Technica that they squelched the problem quickly. “In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms,” a representative claimed. “We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge.”

An Ars Technica analysis from last October found that more than 500 million computers and smartphones worldwide have been compromised by cryptocurrency miners that surreptitiously use your device to perform transactions of the digital currency.

View Comments