YouTube ads exposed to mining codes, encroaching on 80% of a user's CPU resources

Click on the "above"CSDN", select "Top Public No. "

Key moments, first time delivery!

Foreign media Ars Technica recently reported thatSome of the YouTube ads were found to contain scripts for mining Monroe coins.

Some YouTube video users receiveMining script alarm detection

Starting at least last Tuesday,Users of the YouTube video site received a warning from the anti-virus software that pops up on YouTube. AndEven if the user changes the browser, the warning will still appear, as if it were limited to when the user is browsing on YouTube.

The attackers abused Google's DoubleClick advertising platform to selectively display ads containing mining scripts to visitors from some countries, including Japan, France, Taiwan, Italy and Spain, researchers said on Friday.

These ads contain JavaScript scripts that can mine aMonroe Coin's New Encrypted Virtual Currency。 Of the 10 known cases, 9 used publicly available JavaScript scripts provided by Coinhive (this is a controversial cryptocurrency mining service that allows users to use someone else's computer secretly), and 1 case using a private JavaScript script suit To do business -Both scripts consume 80% of the CPU resources.

Troy Mursch, an independent security researcher, said:The longer users spend mining cryptocurrencies, the more money they make,So YouTube is probably targeted because users typically spend a lot of time on it -- which is also the primary goal of encrypted malware. Mursch said the attack last September, when it was launched to provide cryptocurrency mining ads on showtime, was another example of a video site.

Google says it has now removed malicious mining scripts

To increase damage, in some cases malicious JavaScript scripts display fake program ads in the form of images and often install malware at runtime.

Mining cryptocurrencies through advertising is a relatively new form of abuse.It is not immediately clear how many coins the user produced.In response, Google said malicious ads had been blocked in less than two hours and removed from the platform. But for maliciousSpecific time when the ad starts and ends, etc.Google officials did not respond to questions.

Users should not click on unidentified ads at will, so as not to cause malicious infringement of mining code

Monroe is more anonymous than previous Bitcoins, and the user is completely hidden when trading, and is warmly welcomed by the miners.It currently fluctuates between $300 and $400 and is generally on the rise, with more hijackviruses expected to occur on the network.

ButWhile cryptocurrency mining ad scripts can drain users' power and computing resources, there is no indication that they will install ransomware or other types of malware.So remind users not to download files and click on unidentified ads on the web.