{"id":19546,"date":"2018-02-05T08:40:24","date_gmt":"2018-02-05T13:40:24","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/miners-in-youtube-ads\/19546\/"},"modified":"2020-10-13T13:56:20","modified_gmt":"2020-10-13T11:56:20","slug":"miners-in-youtube-ads","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/miners-in-youtube-ads\/19546\/","title":{"rendered":"Cryptocurrency miners in Youtube ads"},"content":{"rendered":"

More often than not, people knowingly install miners<\/a> on their computers in an attempt to cash in on the cryptocurrency craze. However, in 2017, attackers got the idea of planting hidden miners<\/a> in other people\u2019s computers through special malware loaders with the goal of earning more by feeding off someone else\u2019s hardware and electricity.<\/p>\n

Next, the shrewd extractors of cost-free cryptocurrency learned how to embed<\/a> otherwise harmless scripts (Web miners) in websites, and to make use of multiple victims\u2019 computers without having to install malware on each of them. That way, they maximized their victims, which also included smartphone users.<\/p>\n

Now, cybercriminals have come up with a new scheme: Instead of embedding mining scripts in the code of a website, some bright spark decided to embed them in YouTube ads<\/a> and thus spread them across multiple pages and videos without the attackers having to do anything.<\/p>\n

How mining through advertising works<\/h2>\n

The key point is that JavaScript code can be embedded in ads. Usually it\u2019s done to create interactivity: Click to shoot down the plane!<\/em>, for example. Or to track user behavior: So-and-so watched cat videos for 10 minutes, so next time show cat food ads.<\/em> But there\u2019s nothing to prevent cybercrooks from similarly embedding JavaScript Web miners, the most notorious being Coinhive.<\/p>\n

Anyway, the basic mechanism is the same whatever the Web miner: You go to the site and play a video, and then your computer starts generating cryptocurrency for the script\u2019s \u201cproviders\u201d\u00a0\u2014\u00a0and everything on your end is horribly sluggish as a result.<\/p>\n

What\u2019s more, the cybercriminals even have the cheek to offer fake antivirus solutions in banners containing the hidden miner. After clicking on the banner and downloading the program, the user gets infected instead of protected.<\/p>\n

It\u2019s no accident that hosted videos have become a favorite attack platform. First, as we already said, the mechanism for displaying ads on a site does most of the attackers\u2019 work for them in terms of distribution. By the way, a curious fact: Web-mining cybercriminals seem to prefer audiences in France, Spain, Italy, Japan, and Taiwan\u00a0\u2014 it\u2019s in these countries that malicious videos are most prevalent.<\/p>\n

Also, people spend a lot of time on YouTube, and the longer the computer works on generating cryptocurrency, the more it will create. Lastly, users trust well-established sites like YouTube, especially now that Google is behind it. So if a video starts acting up, users are more likely to pin the blame on their Internet connection or background software, not problems with video-hosting security.<\/p>\n\n

So your computer is doing a spot of mining for someone else \u2014 what\u2019s the big deal? Why not just admire their skill and let the cybercriminals earn a couple of cryptocoins?<\/p>\n

Well, for one thing, you\u2019re wasting electricity and having your enjoyment spoiled while making someone else rich. Is that what you want? Second, when your computer\u2019s on its last legs with smoke pouring from its vents, will you praise the invention of cryptocurrency or curse it?<\/p>\n

If someone is mining on your machine without your knowledge, you have bad news that could get worse. Want to use Photoshop to edit some pics while playing your favorite YouTube mix in the background? You (or rather your computer) will get hot just opening the program. Same for games.<\/p>\n

Web-mining schemes are getting more sophisticated, but it\u2019s still fairly simple to stay safe. The main thing is to look after computer security and install a decent antivirus solution. Kaspersky Plus<\/a>, for example, can detect such scripts on any website. With it installed, no one can hijack your machine to mine cryptocurrency, let alone deliver Trojans or conventional hidden miners, which are still making the rounds.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

While you\u2019re watching YouTube, someone might just be using your device to mine cryptocurrency.<\/p>\n","protected":false},"author":2484,"featured_media":19547,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2670],"tags":[1510,374,1035,1278,2646,80,1134,2645,97,422,2767],"class_list":{"0":"post-19546","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-advertising","9":"tag-bitcoin","10":"tag-blockchain","11":"tag-browsers","12":"tag-cryptocurrencies","13":"tag-fraud","14":"tag-internet","15":"tag-mining","16":"tag-security-2","17":"tag-threats","18":"tag-web-miners"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/miners-in-youtube-ads\/19546\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/miners-in-youtube-ads\/12445\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/miners-in-youtube-ads\/10316\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/miners-in-youtube-ads\/14605\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/miners-in-youtube-ads\/12847\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/miners-in-youtube-ads\/12421\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/miners-in-youtube-ads\/15257\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/miners-in-youtube-ads\/15006\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/miners-in-youtube-ads\/19587\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/miners-in-youtube-ads\/4694\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/miners-in-youtube-ads\/21025\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/miners-in-youtube-ads\/8873\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/miners-in-youtube-ads\/15835\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/miners-in-youtube-ads\/19476\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/miners-in-youtube-ads\/19543\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/threats\/","name":"threats"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/19546","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/2484"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=19546"}],"version-history":[{"count":9,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/19546\/revisions"}],"predecessor-version":[{"id":28109,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/19546\/revisions\/28109"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/19547"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=19546"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=19546"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=19546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}