Late last week YouTube users started to receive alerts from their anti-virus software that some uninvited guests were trying to hijack their CPUs. The tricky trespassers were eventually tracked down and identified as ‘crypto-miners’. The attack started with a slow roll-out on January 18 and then ramped up dramatically on January 23. According to TipRanks Crypto Center, Monero, the cryptocurrency in question, moved from $309 to $329 between Jan 23 and 28. However, as of January 31, it’s down to $279.
The hackers’ goal was to harness the CPU horsepower of hundreds of thousands of computers via a malware called CoinHive. CoinHive’s nefarious code was hidden in Google’s DoubleClick ads. (More on the Frankenstein’s monster that is CoinHive below.)
Cryptocurrency is mined by solving complex cryptographic puzzles. This requires an enormous amount of costly and energy-intensive computer processing power. That cost and complexity have served as a catalyst for some crooked crypto-miners to hijack unsuspecting YouTube users’ computers and secretly put them to work mining for crypto coins.
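To make the “complex cryptographic puzzle” concrete, here is an added illustration (not code from the article or from any miner): a toy proof-of-work in Python. The miner hashes a block header with successive nonces until the digest has a required number of leading zero bits; each extra bit of difficulty doubles the expected number of hashes, while checking a solution costs one hash. The header value is constructed for the demo, and SHA-256 stands in for the memory-hard hash real Monero mining uses.

```python
import hashlib

# Constructed block header for the demo; a real miner would use the
# network's actual block template.
HEADER = b"constructed-demo-block-header"


def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a digest (the puzzle 'score')."""
    count = 0
    for byte in digest:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()
        break
    return count


def candidate_hash(header: bytes, nonce: int) -> bytes:
    """One attempt: hash the header concatenated with an 8-byte nonce."""
    return hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()


def mine(header: bytes, difficulty_bits: int, max_attempts: int = 1 << 24):
    """Search nonces until the hash has at least difficulty_bits leading zeros.

    Returns (nonce, digest_hex, attempts), or None if the attempt budget runs out.
    This loop is where the CPU time goes: every attempt is a full hash.
    """
    for nonce in range(max_attempts):
        digest = candidate_hash(header, nonce)
        if leading_zero_bits(digest) >= difficulty_bits:
            return nonce, digest.hex(), nonce + 1
    return None


def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Verification costs a single hash, however many the miner spent."""
    return leading_zero_bits(candidate_hash(header, nonce)) >= difficulty_bits


def expected_attempts(difficulty_bits: int) -> int:
    """Each additional bit of difficulty doubles the expected work."""
    return 2 ** difficulty_bits


if __name__ == "__main__":
    for bits in (8, 12, 16):
        nonce, digest_hex, attempts = mine(HEADER, bits)
        print(f"difficulty={bits:2d} bits  nonce={nonce:7d}  attempts={attempts:7d} "
              f"(expected ~{expected_attempts(bits)})  hash={digest_hex[:16]}...")
```

Running the script shows the attempt count climbing roughly 16-fold for every four extra bits, which is why a miner wants as many CPUs as it can get, and why a hijacked browser tab pins the processor rather than nibbling at it.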
Alphabet Inc (NASDAQ:GOOGL), the online advertising giant and parent company of YouTube, has had some trouble with the task of staying one step ahead of hackers. The cyber-crooks have recently set their sights on exploiting weaknesses in Google’s DoubleClick ad platform. Google released a statement about the incident and the ever-evolving threat: “We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge, … In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed.”
This specific type of malware attack is referred to as ‘Cryptojacking’ and it’s quickly becoming a significant threat. According to Bogdan Botezatu, the senior threat analyst at the cybersecurity firm Bitdefender, “Ransomware is the number one infection globally, … Cryptominers rank second.”
So why would anyone consent to having their computer used to mine for cryptocurrency? To answer that question, one of the earliest adopters was The Pirate Bay, a site synonymous with stealing copyrighted material. The owners of Pirate Bay likely figured that users would be fine with temporarily giving up some CPU power in return for getting their paws on some free loot. Other examples of consenting consumers might be users of adult content sites like PornHub. The idea is quite simple. While users sit back and enjoy the show, their computers are put to work mining for the cryptocurrency. The websites offering the free content split the profits from the coins mined with CoinHive, and everyone comes out a winner.
What could possibly go wrong?
It wasn’t long before hackers started… well, hacking. The bandits would break into websites and covertly plant the CoinHive code, all without the knowledge of the website owners. A hacker running this scam could potentially hide the code in hundreds of websites without the owners’ permission. Those websites could each have thousands of visitors, all of them now mining cryptocurrency for the hacker.
Eventually, hackers set their sights on the ultimate prize. With more than 1.5 billion users watching an average of 60 minutes a day, YouTube was just too big to resist. In a scene reminiscent of Game of Thrones, the crypto-jackers’ goal was to raise a massive army of zombie crypto-miners from the hordes of avid YouTube watchers.
Things didn’t go well for the crypto-jackers. They were eventually felled by their own hubris and some antivirus updates. In addition, several clear-eyed users spotted the 80% spike in their CPU usage and began to report the problem. The lesson here for hackers is simple: if you try and harpoon the biggest whale, you’ll likely get hit by its very large tail.
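The users who noticed the 80% CPU spike were doing, by eye, what a simple monitor can do automatically. The following is an added example, not part of the article: a Python function that takes per-process CPU samples and raises an alert only when one process stays above a threshold for several consecutive samples, so a brief burst (a page load, a video decoding) is ignored while a miner that pins the CPU for as long as the tab is open is flagged. The sample readings are constructed for the demo; a real collector would pull them from psutil or the operating system’s task manager.

```python
from collections import defaultdict

# Constructed samples: (seconds since start, process name, cpu_percent).
# The browser process jumps from idle to ~85-90% and stays there while the
# page is open, like the spike YouTube viewers reported. The last explorer
# reading is a one-off burst that must not trigger an alert.
SAMPLES = [
    (0, "chrome", 6), (0, "explorer", 2),
    (5, "chrome", 7), (5, "explorer", 1),
    (10, "chrome", 86), (10, "explorer", 2),
    (15, "chrome", 91), (15, "explorer", 1),
    (20, "chrome", 88), (20, "explorer", 3),
    (25, "chrome", 89), (25, "explorer", 2),
    (30, "chrome", 40), (30, "explorer", 60),
]


def sustained_cpu_alerts(samples, threshold=80, min_consecutive=3):
    """Return one alert per run of >= min_consecutive consecutive samples in
    which a process's CPU usage was at or above threshold.

    Each alert records the process, when the run started and ended, how many
    samples it lasted, and the peak reading, which is what an analyst needs to
    correlate the spike with the tab or ad that was open at the time.
    """
    per_process = defaultdict(list)
    for ts, name, cpu in sorted(samples):
        per_process[name].append((ts, cpu))

    alerts = []
    for name, series in sorted(per_process.items()):
        run = []
        # A sentinel below the threshold flushes the final run of each series.
        for ts, cpu in series + [(None, -1)]:
            if cpu >= threshold:
                run.append((ts, cpu))
                continue
            if len(run) >= min_consecutive:
                alerts.append({
                    "process": name,
                    "since": run[0][0],
                    "until": run[-1][0],
                    "samples": len(run),
                    "peak": max(c for _, c in run),
                })
            run = []
    return alerts


if __name__ == "__main__":
    for alert in sustained_cpu_alerts(SAMPLES):
        print(f"{alert['process']}: {alert['samples']} samples at or above 80% "
              f"from t={alert['since']}s to t={alert['until']}s (peak {alert['peak']}%)")
```

Threshold and run length are deliberately parameters: on a laptop that routinely decodes 4K video, a longer minimum run avoids false alarms, while on a fleet of office desktops a lower threshold catches miners that throttle themselves to stay unnoticed.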