Monday, January 29th 2018

It's a Web Mining Odyssey, Part 3: YouTube Falls to Injected Mining Code

Web mining's advent was the opening of a veritable Pandora's box when it comes to users' peace of mind while surfing the internet. What started with The Pirate Bay's implementation and ended up with a full-on browser war against these injected, unauthorized hijacks of users' electricity and computing resources has now taken to one of the world's most known and visited websites: YouTube.

Users of YouTube started getting heads-up that something might be wrong due to their antivirus protection kicking off some cryptocurrency mining warnings that seemed to only pop up when users were visiting YouTube. These warnings kept popping up even after a web browser change, and then, on Friday, researchers from TrendMicro touched upon the issue, saying that YouTube's web mining injections had led to a more than three-fold spike in the total number of cryptocurrency web mining warnings. Luckily, the web mining exploit wasn't deployed across the entire world: Trend Micro researchers said that the attackers behind the ads were abusing Google's DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain.
And this was a pretty aggressive miner as well, likely because its injectors knew it would be only a matter of time before their works were discovered (even so, TrendMicro says the miners went live on January 18th). The mining algorithm, which used publicly available Coinhive cryptomining code, hijacked 80% of users' CPU resources for the task - likely a way to reap as many reward as they could before their whole mining system was compromised. The attackers even went to the trouble of deploying a private web mining JavaScript code, so as to save themselves the 30% cut Coinhive takes for usage of its mining algorithms.
In an e-mail sent to The Register, a Google representative wrote:

"Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we've been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms." Which apparently wasn't really the case, as trend Micro reported there where ads whose lifetime exceeded one week before being taken down.
Sources: Trend Micro, Twitter user @ Mystic_Ervo, via Ars Technica, The Register
Add your own comment

24 Comments on It's a Web Mining Odyssey, Part 3: YouTube Falls to Injected Mining Code

#1
CrAsHnBuRnXp
All the more reason to run an adblocker and script blocker.
Posted on Reply
#2
erocker
*
Greed finds a way. :(
Posted on Reply
#4
the54thvoid
Super Intoxicated Moderator
erockerGreed finds a way. :(
Always. That's why the world is sack of shit right now.
Posted on Reply
#5
cryohellinc
Scum creates scum viruses to generate more scum.
Posted on Reply
#6
Andromos
I'm really curious what the total amount of bitcoin they managed to get is.
Posted on Reply
#7
R-T-B
cryohellincScum creates scum viruses to generate more scum.
You could just as easily have just described ads.

The original Coinhive scripts license mandates an opt-out function. Sadly, these abusers don't give two shits about blatantly violating the TOS.
Posted on Reply
#8
Indra18
soo monetizing was monetized ...:D
Posted on Reply
#9
Fluffmeister
Next up... Ivorycoin, it's the same really, but you get bonus points for murdering elephants in the pursuit of money, and you get to sell the ivory too, win win!
Posted on Reply
#10
R-T-B
FluffmeisterNext up... Ivorycoin, it's the same really, but you get bonus points for murdering elephants in the pursuit of money, and you get to sell the ivory too, win win!
Send me $50.00 and I'll release a litecoin clone for you called Ivory Coin and give you 25% of the coins as it's founder. Then you can pretend you murdered a metric buttload of elephants.

Me? I just want 50 bucks with no responsibility. And hell, it's just as unique as fucking garlicoin. I made $100 on that shit in two nights earlier.
Posted on Reply
#11
lexluthermiester
I have not encountered this. I have a mining blocker plugin and it has shown me no alerts on YouTube. It is possible that whatever ad network YouTube is using might have had a momentary problem. Anyone using an ad-blocker would simply not see the event.
EDIT; This is yet another reason why I block ads without exception.
Posted on Reply
#12
enxo218
CrAsHnBuRnXpAll the more reason to run an adblocker and script blocker.
eliminating the symptoms of a disease is not a cure for it
Posted on Reply
#13
lexluthermiester
erockerGreed finds a way. :(
Greed needs to find a way to show ads without being so invasive.
Posted on Reply
#14
Liviu Cojocaru
I haven't sen this yet on my PC's, I use adblocker. I'll keep an eye on the resources usage.
Posted on Reply
#15
Red_Machine
Liviu CojocaruI haven't sen this yet on my PC's, I use adblocker. I'll keep an eye on the resources usage.
Yeah, a few times a day I'll take a look at my CPU monitor gadget to see if anything untoward is going on, and if it's unusually loaded I'll check with task manager to see what's taking up the CPU time. It's ridiculous that we have to be so vigilant these days.
Posted on Reply
#16
R-T-B
enxo218eliminating the symptoms of a disease is not a cure for it
The cure is out of our hands unless you have a suggestion?
Posted on Reply
#17
CrAsHnBuRnXp
enxo218eliminating the symptoms of a disease is not a cure for it
Works for me. Im not the one that needs to find the cure. Im the one just taking the medicine trying to stave the disease off.
Posted on Reply
#18
Liviu Cojocaru
Red_MachineYeah, a few times a day I'll take a look at my CPU monitor gadget to see if anything untoward is going on, and if it's unusually loaded I'll check with task manager to see what's taking up the CPU time. It's ridiculous that we have to be so vigilant these days.
These are normal downsides of the continuous evolution of technology imo
Posted on Reply
#19
enxo218
R-T-BThe cure is out of our hands unless you have a suggestion?
transparency and regulation of crypocurrency and its transactions could be a start
Posted on Reply
#20
R-T-B
enxo218transparency and regulation of crypocurrency and its transactions could be a start
BTC is already the most transparent currency in existence. I agree about regulation though.
Posted on Reply
#21
cdawall
where the hell are my stars
R-T-BBTC is already the most transparent currency in existence. I agree about regulation though.
What regulation do you suggest? One of the main gains of crypto is the government does not control it, less corruption into the pot if you will.
Posted on Reply
#22
R-T-B
cdawallWhat regulation do you suggest? One of the main gains of crypto is the government does not control it, less corruption into the pot if you will.
Mainly better tax reporting at point of exchange.
Posted on Reply
#23
cdawall
where the hell are my stars
R-T-BMainly better tax reporting at point of exchange.
That is not a currency regulation that is just a tax scheme. ;)
Posted on Reply
#24
R-T-B
cdawallThat is not a currency regulation that is just a tax scheme. ;)
Meh, semantics to me honestly. :laugh:
Posted on Reply
Add your own comment
Dec 28th, 2024 21:59 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts