Malvertising - YouTube ads used for cryptojacking


YouTube fixed the vulnerability that allowed adverts to use viewers' CPU power to mine cryptocurrency.

Cryptocurrency mining has reached a new level: hackers found a way to cryptojack the computing resources of passive YouTube viewers to mine a cryptocurrency called Monero. Cryptojacking is the process of hijacking other people's computing power to mine cryptocurrencies. The mining activity drains the CPU's performance.





YouTube Malvertisements

YouTube advertisements were found to run cryptocurrency mining code that drained their viewers' CPU performance. The problem of cryptocurrency mining malware embedded in online advertisements showed its ugliness to the world in a big way last week, as a large number of malicious ads popped up on a famous social site, YouTube. This happened because crooks injected malicious content into Google's DoubleClick ad network.

The ads were found to consume more than 80 percent of the YouTube viewer's CPU to mine a well-known cryptocurrency called Monero. Fortunately, the ads were not intended to run any malicious code that harms users or steals their private data.


Cryptojacking - Root Cause

Trend Micro's researchers (the company produces antivirus software) were among the first to detect this problem. In their official blog, they mentioned that they detected an increase of around 285 percent in the number of CoinHive miners on Jan 24. Most of these mining activities were detected in France, Japan, Italy and Taiwan.

CoinHive is a browser-based cryptocurrency miner that allows website owners to make a profit by mining Monero. Though CoinHive was not frequently used for nefarious mining activities, nothing in its script prevents hackers from injecting it into a site's code. Until now, script owners let people know about their mining operations upfront and kept the script from monopolizing the CPU's processing power.

The hackers were found to have injected the CoinHive script into Google's DoubleClick ads, which let them mine Monero without the knowledge of viewers. The malicious ads reportedly also came in the form of counterfeit virus attack warnings. When the user clicked on these warnings, the scripts started executing.

Why do hackers target YouTube?

To mine cryptocurrencies, miners need electricity to power computing resources and an internet connection. The higher the performance of the computing platform, the higher the probability of successfully mining cryptocurrencies. Since YouTube is one of the most viewed online social media sites and viewers spend more time on it than on other sites, attackers have targeted it. Users would not have noticed that their processing power was being used for mining while they watched their favorite videos.

Google's preventive measures

In its statement to Ars Technica, Google confirmed the cryptojacking activities and said that, in this case, it blocked those ads (injected with malicious scripts) in less than two hours. It also said that the malicious actors were removed from its platform. Google mentioned that it will remove any mining adverts within minutes of their appearance, but hackers keep changing their strategies to perform these activities.

It is worth mentioning here that in late December 2017, certain Chrome users discovered that some Chrome extensions were secretly running CoinHive scripts without their knowledge.

How to protect ourselves from these attacks?

The spread of cryptojacking shows how alarming our current situation is. If attackers are able to perform such malicious activities on a well-known social media site, then they can easily target many other sites as well. Google has managed to keep users safe from the attackers, but this incident has warned the internet gatekeepers to provide a more secure environment for their users in the future.

As end users, we also need to be aware of these attacks and equip our systems with good antivirus software.
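
As an added example (not part of the original article), here is one way a defender could check captured ad markup for the CoinHive script described above. The blocked domain, the inline pattern and the sample markup are assumptions constructed for illustration.

```javascript
// Added example: flag browser-miner scripts in captured ad markup.
// BLOCKED_DOMAINS and INLINE_PATTERNS are assumptions, not values from the article.
const BLOCKED_DOMAINS = ["coinhive.com"];
const INLINE_PATTERNS = [/\bCoinHive\s*\.\s*(Anonymous|User)\b/];

// True when host is a blocked domain or a subdomain of one.
// A plain substring check would wrongly match "coinhive.com.example.org".
function hostIsBlocked(host, blocked = BLOCKED_DOMAINS) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return blocked.some((d) => h === d || h.endsWith("." + d));
}

// Returns one finding per blocked script URL or matching inline script.
function findMinerIndicators(html, pageUrl) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (src) {
      const raw = src[1] ?? src[2] ?? src[3];
      try {
        // Resolve relative and protocol-relative URLs against the page.
        const url = new URL(raw, pageUrl);
        if (hostIsBlocked(url.hostname)) {
          findings.push({ type: "external", value: url.href });
        }
      } catch {
        findings.push({ type: "unparseable-src", value: raw });
      }
    }
    for (const re of INLINE_PATTERNS) {
      if (re.test(body)) findings.push({ type: "inline", value: re.source });
    }
  }
  return findings;
}

// Constructed sample ad markup (not captured from the incident).
const SAMPLE_AD = `
<div class="ad">
  <script src="//cdn.coinhive.com/lib/miner.js"></script>
  <script src="https://coinhive.com.example.org/ok.js"></script>
  <script src="/static/player.js"></script>
  <script>var m = new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER"); m.start();</script>
</div>`;

console.log(findMinerIndicators(SAMPLE_AD, "https://ads.example/frame.html"));
```

A static check like this only catches scripts that load from a listed host or name the miner in clear text; obfuscated or self-hosted copies need the behavioural detection that antivirus and browser protections provide.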



Do you feel that hackers will come up with more innovative ways to perform malicious activities? Use the comments section to share your views.



TECHOSlovia