Crypto-jacking: hackers insert JavaScript into YouTube ads


Hackers have managed to put the CoinHive mining scirpt through Google’s advertising services. Affected Italy, Spain, Japan, France and Taiwan.

The dark side of youtube

Crop-jacker big shot: this time the JavaScript for the generation of crypto-currency has even ended up in the advertisements included in YouTube.

The attack was identified by Trend Micro, which in a report published on the Internet explains how the attack worked, launched on January 23 last year.

It is on that date, in fact, that security analysts have detected a 285% increase in scripts related to CoinHive, the crypto-currency generation tool (Monero) that is making the security experts lose sleep.


According to researchers, cybercriminals managed to insert JavaScript into advertisements displayed on YouTube, using a system that randomly initiated one of the two pirated miners.

The curious system implemented by pirates uses a JavaScript that generates a variable between 0 and 101. If it is more than 10, start CoinHive. In the remaining cases it exploits a different miner, which in any case drains system resources.

Both, in any case, used 80% of the processing power of the processor of those who visited the page to generate crypto-currency. According to the researchers, the ads ended up on YouTube in several countries, including Italy, Spain, France, Japan and Taiwan.

The use of CoinHive on sites dedicated to video streaming is not new and has its own logic: since video playback engages the system resources quite a lot, it is easier for the script to go unnoticed.


Leave A Reply