Slashdot Mirror

← Back to Stories (view on slashdot.org)

Now Even YouTube Serves Ads With CPU-draining Cryptocurrency Miners (arstechnica.com)

Posted by msmash on from the closer-look dept.

YouTube was recently caught displaying ads that covertly leach off visitors' CPUs and electricity to generate digital currency on behalf of anonymous attackers, it was widely reported. From a report: Word of the abusive ads started no later than Tuesday, as people took to social media sites to complain their antivirus programs were detecting cryptocurrency mining code when they visited YouTube. The warnings came even when people changed the browser they were using, and the warnings seemed to be limited to times when users were on YouTube. On Friday, researchers with antivirus provider Trend Micro said the ads helped drive a more than three-fold spike in Web miner detections. They said the attackers behind the ads were abusing Google's DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain. The ads contain JavaScript that mines the digital coin known as Monero.

4 of 187 comments (clear)

  1. Chrome has Extensions for that by Anonymous Coward · · Score: 2, Informative

    One that comes to the top of my mind is Mineblock.
    It specifically blocks cryptominers of all kinds, even ones that the usual script blockers and other antimalware stuff miss.
    It's not the only one, and I'm sure that eventually the others will catch up to these types of extensions, but it's still relatively early days for this kind of infestation.

    Keep up to date on whatever you use, and those leeches won't find you an easy meal.

  2. Re:Distributing such small chunks can't be worth i by war4peace · · Score: 4, Informative

    Consider an algorithm such as Yescrypt (http://password-hashing.net/wiki/doku.php/yescrypt) which is a valid CPU cryptomining algorithm. My CPU (Broadwell i7 6800K) finds a share every 5 seconds with 11 threads running. I extrapolate a quad core CPU would find a share every 15-20 seconds. Those shares add up if the receiving wallet and mining pool are the same. This means wallet "iourthoesruithjvansoivrzupaweo" could have a swarm 10K workers mining for 30 seconds each on the same pool, and find 10K shares every 30 seconds.

    Let's see what this adds up to in terms of cash.

    My CPU (taken as reference) makes about 1.5 dollars a day. A Quad-core CPU (average desktop PC CPU) would make about 0.5 dollars a day through cryptomining. Multiply that by 10K miners (dynamic swarm), it adds up to 5K dollars a day. It's a hefty sum, assuming the website really has 10K active visitors at all times.

    1K active sessions would yield 500 bucks a day, 100 active sessions would net 50 bucks a day. Even 10 active sessions would be 5 dollars a day, every day. Not bad, I'd say.

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  3. Re: Where do you people go, anyway? by Anonymous Coward · · Score: 2, Informative

    Forbes

  4. Re:Ad Blockers by brewthatistrue · · Score: 3, Informative

    An arstechnica commenter mentioned NoCoin which is a standalone extension.
    https://arstechnica.com/inform...

    https://github.com/keraf/NoCoi...

    You can also take the URL they curate and then import it into your adblocker of choice.

    https://raw.githubusercontent....