Youtube’s ad campaign program unknowingly allows attackers to mine digital currency by allowing them to serve ads with CPU-draining cryptocurrency miners.

Youtube, an American video-sharing website based in San Bruno, California, serves ads that can covertly leach off its users’ CPUs as well as electricity to mine digital currencies. It has been reported that Youtube unknowingly does this on behalf of anonymous attackers.

News about the abusive ads started to circulate on January 23, 2018, after a lot of people expressed their concerns and complained via social media.

According to them, the antivirus programs they have on their computers detected cryptocurrency mining codes whenever they visited YouTube. Even after they changed the browsers they were using, warnings still popped up and only happened when they opened YouTube.

Arung (@ArungLaksama) complained on Twitter and said:

“Great now my browser every time I watch youtube... my anti-virus always blocking coinhive because of malware. Idk much about it but this is getting annoying, and I need a solution please T n T.”

Diego Betto also posted on Twitter andon his website that he found a crypto miner from Coinive in Youtube ads.

How cryptojacking works?

Cryptojacking is known as a relatively new malware issue. However, it gradually becomes a widespread problem. Cryptojackers inject a piece of JavaScript into ads and websites that can harness the users’ CPUs to mine digital currencies.

The latest network being targeted by cryptojackers is none other than Youtube, Google’s advertising service.

Rhett Jones said that a direct source who knows how Youtube handles the abusive ads stated that the two-hour measurement was just being applied to each ad run by the hackers and not the ads en masse.

A cryptojacker creates a clear account and submits a clean ad to Youtube. After Youtube approves it, the ad will go live. Cloaking methods will be used to subvert Youtube’s system to swap the clean ad to another one that has a malicious script in it.

After a few hours, the ad will be detected and taken down. The cryptojacker’s account will be deleted and then a new clean account will be created and all the steps will be repeated.