It's a Web Mining Odyssey, Part 3: YouTube Falls to Injected Mining Code

[Raevenlord]

Web mining's advent was the opening of a veritable Pandora's box when it comes to users' peace of mind while surfing the internet. What started with The Pirate Bay's implementation and ended up with a full-on browser war against these injected, unauthorized hijacks of users' electricity and computing resources has now taken to one of the world's most known and visited websites: YouTube.

Users of YouTube started getting heads-up that something might be wrong due to their antivirus protection kicking off some cryptocurrency mining warnings that seemed to only pop up when users were visiting YouTube. These warnings kept popping up even after a web browser change, and then, on Friday, researchers from TrendMicro touched upon the issue, saying that YouTube's web mining injections had led to a more than three-fold spike in the total number of cryptocurrency web mining warnings. Luckily, the web mining exploit wasn't deployed across the entire world: Trend Micro researchers said that the attackers behind the ads were abusing Google's DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain.





And this was a pretty aggressive miner as well, likely because its injectors knew it would be only a matter of time before their works were discovered (even so, TrendMicro says the miners went live on January 18th). The mining algorithm, which used publicly available Coinhive cryptomining code, hijacked 80% of users' CPU resources for the task - likely a way to reap as many reward as they could before their whole mining system was compromised. The attackers even went to the trouble of deploying a private web mining JavaScript code, so as to save themselves the 30% cut Coinhive takes for usage of its mining algorithms.



In an e-mail sent to The Register, a Google representative wrote:

"Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we've been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms." Which apparently wasn't really the case, as trend Micro reported there where ads whose lifetime exceeded one week before being taken down.

View at TechPowerUp Main Site

 

[CrAsHnBuRnXp]

All the more reason to run an adblocker and script blocker.

 

[erocker]

Greed finds a way.

 

[cdawall]

Cough "friday not frifday" @Raevenlord

 

[the54thvoid]

Greed finds a way.

Always. That's why the world is sack of shit right now.

 

[cryohellinc]

Scum creates scum viruses to generate more scum.

 

[Andromos]

I'm really curious what the total amount of bitcoin they managed to get is.

 

[R-T-B]

Scum creates scum viruses to generate more scum.

You could just as easily have just described ads.

The original Coinhive scripts license mandates an opt-out function. Sadly, these abusers don't give two shits about blatantly violating the TOS.

 

[Indra18]

soo monetizing was monetized ...

 

[Fluffmeister]

Next up... Ivorycoin, it's the same really, but you get bonus points for murdering elephants in the pursuit of money, and you get to sell the ivory too, win win!

 

[R-T-B]

Next up... Ivorycoin, it's the same really, but you get bonus points for murdering elephants in the pursuit of money, and you get to sell the ivory too, win win!

Send me $50.00 and I'll release a litecoin clone for you called Ivory Coin and give you 25% of the coins as it's founder. Then you can pretend you murdered a metric buttload of elephants.

Me? I just want 50 bucks with no responsibility. And hell, it's just as unique as fucking garlicoin. I made $100 on that shit in two nights earlier.

 

[lexluthermiester]

I have not encountered this. I have a mining blocker plugin and it has shown me no alerts on YouTube. It is possible that whatever ad network YouTube is using might have had a momentary problem. Anyone using an ad-blocker would simply not see the event.
EDIT; This is yet another reason why I block ads without exception.

 

[enxo218]

All the more reason to run an adblocker and script blocker.

eliminating the symptoms of a disease is not a cure for it

 

[lexluthermiester]

Greed finds a way.

Greed needs to find a way to show ads without being so invasive.

 

[Liviu Cojocaru]

I haven't sen this yet on my PC's, I use adblocker. I'll keep an eye on the resources usage.

 

[Red_Machine]

I haven't sen this yet on my PC's, I use adblocker. I'll keep an eye on the resources usage.

Yeah, a few times a day I'll take a look at my CPU monitor gadget to see if anything untoward is going on, and if it's unusually loaded I'll check with task manager to see what's taking up the CPU time. It's ridiculous that we have to be so vigilant these days.

 

[R-T-B]

eliminating the symptoms of a disease is not a cure for it

The cure is out of our hands unless you have a suggestion?

 

[CrAsHnBuRnXp]

eliminating the symptoms of a disease is not a cure for it

Works for me. Im not the one that needs to find the cure. Im the one just taking the medicine trying to stave the disease off.

 

[Liviu Cojocaru]

Yeah, a few times a day I'll take a look at my CPU monitor gadget to see if anything untoward is going on, and if it's unusually loaded I'll check with task manager to see what's taking up the CPU time. It's ridiculous that we have to be so vigilant these days.

These are normal downsides of the continuous evolution of technology imo

 

[enxo218]

The cure is out of our hands unless you have a suggestion?

transparency and regulation of crypocurrency and its transactions could be a start

 

[R-T-B]

transparency and regulation of crypocurrency and its transactions could be a start

BTC is already the most transparent currency in existence. I agree about regulation though.

 

[cdawall]

BTC is already the most transparent currency in existence. I agree about regulation though.

What regulation do you suggest? One of the main gains of crypto is the government does not control it, less corruption into the pot if you will.

 

[R-T-B]

What regulation do you suggest? One of the main gains of crypto is the government does not control it, less corruption into the pot if you will.

Mainly better tax reporting at point of exchange.

 

[cdawall]

Mainly better tax reporting at point of exchange.

That is not a currency regulation that is just a tax scheme.

 

[R-T-B]

That is not a currency regulation that is just a tax scheme.

Meh, semantics to me honestly.