There have been some ads on YouTube recently, created by a few unknown attackers, that have been slowing down YouTube users' computers, and using their CPUs and electricity to generate digital currency.
Reports of the ads first came out last week on Tuesday when a few YouTube users reported to the site that their antivirus systems were detecting cryptocurrency mining code only when they were visiting YouTube, even when they changed browsers.
“An analysis of the malvertisement-riddled pages revealed two different web miner scripts embedded and a script that displays the advertisement from DoubleClick,” said Trend Micro, concluding that the ads were being displayed to select countries, like Japan, France, Taiwan, Italy and Spain. “We speculate that the attackers’ use of these advertisements on legitimate websites is a ploy to target a larger number of users, in comparison to only that of compromised devices.”
"YouTube was likely targeted because users are typically on the site for an extended period of time," independent security researcher Troy Mursch told Ars Technica. "This is a prime target for cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made."
A Google representative has responded to the situation. Here is what the representative has to say:
“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”
However, despite the representative claiming that the ads were blocked in less than two hours, Trend Micro, along with other YouTube users, has shown evidence that suggests the ads have been running for as long as a week.