YouTube was recently caught displaying ads that covertly leach off visitors' CPUs and electricity to generate digital currency on behalf of anonymous attackers, it was widely reported. (...)
The ads contain JavaScript that mines the digital coin known as Monero. In nine out of 10 cases, the ads will use publicly available JavaScript provided by Coinhive, a cryptocurrency-mining service that's controversial because it allows subscribers to profit by surreptitiously using other people's computers. The remaining 10 percent of the time, the YouTube ads use private mining JavaScript that saves the attackers the 30 percent cut Coinhive takes. Both scripts are programmed to consume 80 percent of a visitor's CPU, leaving just barely enough resources for it to function.
"YouTube was likely targeted because users are typically on the site for an extended period of time," independent security researcher Troy Mursch told Ars. "This is a prime target for cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made." Mursch said a campaign from September that used the Showtime website to deliver cryptocurrency-mining ads is another example of attackers targeting a video site. (...)
As the problem of Web-based cryptomining has surged to almost epidemic proportions, a variety of AV programs have started warning of cryptocurrency-mining scripts hosted on websites and giving users the option of blocking the activity. While drive-by cryptocurrency mining is an abuse that drains visitors' electricity and computing resources, there's no indication that it installs ransomware or other types of malware, as long as people don't click on malicious downloads.
The ads contain JavaScript that mines the digital coin known as Monero. In nine out of 10 cases, the ads will use publicly available JavaScript provided by Coinhive, a cryptocurrency-mining service that's controversial because it allows subscribers to profit by surreptitiously using other people's computers. The remaining 10 percent of the time, the YouTube ads use private mining JavaScript that saves the attackers the 30 percent cut Coinhive takes. Both scripts are programmed to consume 80 percent of a visitor's CPU, leaving just barely enough resources for it to function.
"YouTube was likely targeted because users are typically on the site for an extended period of time," independent security researcher Troy Mursch told Ars. "This is a prime target for cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made." Mursch said a campaign from September that used the Showtime website to deliver cryptocurrency-mining ads is another example of attackers targeting a video site. (...)
As the problem of Web-based cryptomining has surged to almost epidemic proportions, a variety of AV programs have started warning of cryptocurrency-mining scripts hosted on websites and giving users the option of blocking the activity. While drive-by cryptocurrency mining is an abuse that drains visitors' electricity and computing resources, there's no indication that it installs ransomware or other types of malware, as long as people don't click on malicious downloads.
by Dan Goodin, Ars Technica | Read more:
Image: Diego Betto
[ed. I didn't catch this when it first came out, but cryptomining is apparently quite the 'thing' these days (thanks to Coinhive).]