YouTube has plugged a hole in its video platform that allowed adverts to surreptitiously siphon a user’s computer power to mine cryptocurrency.
Security firm Trend Micro discovered that adverts on YouTube appeared to be leaching power from the processor of a the computer or laptop on which YouTube was being accessed on.
The culprit was found to be malicious adverts that contained a hidden script for the Coinhive cryptocurrency miner, which quietly taped into a CPUs power to crunch the calculations needed to generate digital currencies like Bitcoin and Monero.
Trend Micro found that the malicious adverts had got onto YouTube by infiltrating Google’s DoubleClick network, which distributes advertising across the search giant’s sites and services.
Related: Bitcoin price
The security company quickly informed Google, which moved to seal the hole it had in its advertising network.
“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively,” said a Google spokesperson.
“We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.”
However, various people tweeting about encountering such adverts on YouTube, including how the malicious ads had been detected by some anti-virus software, would indicate that such sneaky cryptocurrency mining went on for around a week before it was knocked on its head.
— Diego Betto (@diegobetto) 25 January 2018
With the surging popularity of cryptocurrency, such clandestine mining referred to as ‘cryptojacking’, isn’t likely to go away anytime soon, especially if hackers can make an easy buck without too many people noticing.
Did you encounter any cryptocurrency mining adverts on YouTube? If so, let us know on our Facebook page or tweet @TrustedReviews.