Reports indicate that Alphabet Inc (NASDAQ:GOOGL) YouTube was recently a victim of cryptojacking. This is where computers are hijacked using malware for the purposes of mining virtual currencies by anonymous attackers. In the case of YouTube the malware was detected by users who were alerted by their antivirus programs that cryptocurrency mining code had been detected when they visited the video-sharing platform.
Besides being notified by their anti-virus software some users also noticed that their devices had slowed down significantly. All browsers were affected and even users switched from one to the other, the warnings were still observed.
The malware had been placed in the adverts that YouTube displays when streaming videos. For the unscrupulous miners of virtual currencies YouTube was an attractive target because of its popularity. This is because with the mining of digital coins, the more the computers available for mining the better since mining cryptocurrencies relies on a large computer network for the verification and generation of new coins. The more machines a miner has, the more the digital coins they are manage to get.
“YouTube was likely targeted because users are typically on the site for an extended period of time. This is a prime target for cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made,” Troy Mursch, an independent security researcher, told Ars Technica.
Coinhive mining code
Trend Micro, a computer security firm, took credit for detecting the malicious adverts. According to two computer security researchers at Trend Micro, Joseph Chen and Chaoying Liu, what helped the firm detect the malware was the sudden increase in malicious coin-mining scripts nabbed. After investigations a lot of ads were found to possess mining code associated with Coinhive.
Whenever the malware was triggered on the computers of the victims, about 80% of the processing power would be taken over and allocated to the generation of coins. The attackers mostly targeted machines located in Spain, Italy, Taiwan, France, and Japan.
Following their investigations Trend Micro then notified Google who blocked the ads within hours and the culprits booted from the platform. Additionally the Mountain View, California-based giant admitted that they had been monitoring the emergence of cryptojacking for a while now.