Slashdot Mirror

← Back to Stories (view on slashdot.org)

Now Even YouTube Serves Ads With CPU-draining Cryptocurrency Miners (arstechnica.com)

Posted by msmash on from the closer-look dept.

YouTube was recently caught displaying ads that covertly leach off visitors' CPUs and electricity to generate digital currency on behalf of anonymous attackers, it was widely reported. From a report: Word of the abusive ads started no later than Tuesday, as people took to social media sites to complain their antivirus programs were detecting cryptocurrency mining code when they visited YouTube. The warnings came even when people changed the browser they were using, and the warnings seemed to be limited to times when users were on YouTube. On Friday, researchers with antivirus provider Trend Micro said the ads helped drive a more than three-fold spike in Web miner detections. They said the attackers behind the ads were abusing Google's DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain. The ads contain JavaScript that mines the digital coin known as Monero.

4 of 187 comments (clear)

  1. Comment removed by account_deleted · · Score: 3, Interesting

    Comment removed based on user account deletion

  2. Re:Distributing such small chunks can't be worth i by Albanach · · Score: 4, Interesting

    At least Chrome limits background tabs to 1% of CPU and will, in future, pause javascript entirely in those pages.

  3. And yet webmasters still don't get it. by Anonymous Coward · · Score: 2, Interesting

    I put up with adverts in newspapers and magazines because I understand they subsidise their production costs, but they don't track me and do shit behind my back.
    Same for TV
    Same for radio

    Yet more and more websites display 'please disable your adblocker'.

    NO. It's precisely because of shit like this that I run one and I have no intention of disabling it.
    You want to display adverts on your site to bring in revenue, fine I get that. But do it the old way, with simple graphics that don't run unvetted shit on your viewers machines.
    You want to block me from viewing your content 'cos I'm running an adblocker ? that's cool too, there's plenty of other sites out there.

  4. we need html6 without crossdomain content by Anonymous Coward · · Score: 2, Interesting

    1 why should there be content from domains not in the adress bar? (you dont expect there to be pepsi inside a can of coca cola!)
    2 site designers need to keep content on their own site! (if you dont own the content, link to it, dont steal it)
    3 100+ connections to load a single site is unacceptable! (and not cool to other users on public wifi)
    4 ssl/tls is worthless with crossdomain content! (and please support ipsec/dane certificates to stop the certificate marfia)
    5 all audio/videos should be click to play! (possible crossdomain, but need to be clicked just like any other links)
    6 crossdomain cookies, are just another name for tracking cookies! (you dont need cookies to track users on you own site!)
    7 external javascript libraries, are just as bad as windows dll hell and linux dependency nightmare. (just compile them into you page)
    8 for webapps you need to install/give premission, for them to use site x. (not have a stupid allow header on site x!)
    9 adsence/analytics is the real big brother wathing you. (and he is not alone..)
    but its not happening as long as the browser makers are in the pockets of the ad/spam supliers.