This week, YouTube users discovered that their beloved media website was laden with some nasty surprises hidden in its ads. Hackers abused Google’s system and planted command scripts into YouTube ads with the intent of cryptocurrency mining and theft. Not only were user’s currencies mined, but their computer’s power as well, bringing them to a snail’s pace.
What Happened to the YouTube Ads?
So, how do these scripts even work? When they were sneakily installed, the new ads, laden with these scripts, were mixed into the ad lineup. Anyone in Japan, Taiwan, Italy, France, and Spain who were on YouTube at the time were affected. These new ads ran over the victims’ browsers to mine for the cryptoccurrency known as Monero (XMR). These virtual coins are worth around $320 per coin at time of writing, and are highly sought after. Thanks to users that had the antivirus Avast, which somehow managed to pick up the threat, Google was able to find and eliminate the ads. The “bad actors”, as they put it, have been since removed from all Google-related platforms.
— Martin Hamilton (@martin_hamilton) January 26, 2018
CoinHive Strikes Again
Since the hijacking program works in a simple manner, more hackers have been trying it out. First, the hacker installs the program into their ad. Next, the ad is injected into the ad lineup. Finally, once it’s been seen and/or clicked by an unsuspecting victim, it is already too late. However, the one saving grace for this whole problem was Avast. It’s likely that these hackers didn’t expect a free internet antivirus to be thorough enough to find out their scheme. Make sure you have a good antivirus on your computer if you’re going to surf the web. Most of all, be very careful what ads you click on.
So, is Google‘s security flawed? Could other potentially worse threats arise in the future? How can we prevent hacking? Let us know your thoughts in the comments!