Now even YouTube serves ads with CPU-draining cryptocurrency miners

["Dave Farber" <dave () farber net>]

---------- Forwarded message ---------
From: Dewayne Hendricks <dewayne () warpspeed com>
Date: Wed, Jan 31, 2018 at 3:19 PM
Subject: [Dewayne-Net] Now even YouTube serves ads with CPU-draining
cryptocurrency miners
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>


[Note:  This item comes from friend Steve Goldstein.  DLH]

Now even YouTube serves ads with CPU-draining cryptocurrency miners
Ad campaign lets attackers profit while unwitting users watch videos.
By Dan Goodin
Jan 26 2018
<
https://arstechnica.com/information-technology/2018/01/now-even-youtube-serves-ads-with-cpu-draining-cryptocurrency-miners/
>

YouTube was recently caught displaying ads that covertly leach off
visitors' CPUs and electricity to generate digital currency on behalf of
anonymous attackers, it was widely reported.

Word of the abusive ads started no later than Tuesday, as people took to
social media sites to complain their antivirus programs were detecting
cryptocurrency mining code when they visited YouTube. The warnings came
even when people changed the browser they were using, and the warnings
seemed to be limited to times when users were on YouTube.

Great now my browser everytime I watch youtube... my anti virus always
blocking coinhive because malware . Idk much about it but this is getting
annoying and I need a solution please T n T

— Arung (@ArungLaksmana) January 23, 2018

Hey @avast_antivirus seems that you are blocking crypto miners (#coinhive)
in @YouTube #ads
Thank you :)https://t.co/p2JjwnQyxz

— Diego Betto (@diegobetto) January 25, 2018

Por lo visto @YouTube es muy gracioso y no le bastaba con bajarnos la
audiencia, ahora van y nos meten el JavaScript de Coinhive para utilizar
nuestros dispositivos para minar Monero! De verdad, @Google! Que leeches
estáis haciendo con YouTube?? pic.twitter.com/NzMUMlArJs

— ᛗ🦊ᛟErvoᛟ🦊ᛗ (@Mystic_Ervo) January 24, 2018

On Friday, researchers with antivirus provider Trend Micro said the ads
helped drive a more than three-fold spike in Web miner detections. They
said the attackers behind the ads were abusing Google's DoubleClick ad
platform to display them to YouTube visitors in select countries, including
Japan, France, Taiwan, Italy, and Spain.

The ads contain JavaScript that mines the digital coin known as Monero. In
nine out of 10 cases, the ads will use publicly available JavaScript
provided by Coinhive, a cryptocurrency-mining service that's controversial
because it allows subscribers to profit by surreptitiously using other
people's computers. The remaining 10 percent of the time, the YouTube ads
use private mining JavaScript that saves the attackers the 30 percent cut
Coinhive takes. Both scripts are programmed to consume 80 percent of a
visitor's CPU, leaving just barely enough resources for it to function.

"YouTube was likely targeted because users are typically on the site for an
extended period of time," independent security researcher Troy Mursch told
Ars. "This is a prime target for cryptojacking malware, because the longer
the users are mining for cryptocurrency the more money is made." Mursch
said a campaign from Septemberthat used the Showtime website to deliver
cryptocurrency-mining ads is another example of attackers targeting a video
site.

To add insult to injury, the malicious JavaScript in at least some cases
was accompanied by graphics that displayed ads for fake AV programs, which
scam people out of money and often install malware when they are run.

[snip]

Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/
Twitter: https://twitter.com/wa8dzp



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180131154119:14F435AA-06C7-11E8-8BED-D14E918F61A2
Powered by Listbox: http://www.listbox.com