YouTube ads found to be mining Monero cryptocurrency

Andrew Munro 29 January 2018

shutterstock computer bug virus 738x410

A new spate of cryptojacking ads has been found on YouTube, in some cases doubled up with more traditional malware.

Cryptojacking is when someone uses your computing power without permission to mine cryptocurrency for themselves. Cryptojacking will often happen when visiting malicious or compromised websites, and will often take the form of popup ads.

Now a new variety of cryptojacking ads has been uncovered on YouTube, running in the top right advertisement corner. But instead of simply being annoying, they consume large amounts of computing power to mine cryptocurrency for their owner.

In this case, they were programmed to consume up to 80% of the viewers' computing power, and mine the Monero (XMR) cryptocurrency, reports Ars Technica. The cryptojackers were caught by adblockers, and appear to have been widely rolled out in countries including Spain, Italy, Japan and Taiwan.

According to Trend Micro, this cryptojacking ad campaign started 18 January and resulted in a more than three-fold spike in cryptojacker detections.



YouTube was likely targeted because people are on the site for a considerable amount of time, explained security researcher Troy Mursch to Ars Technica. The longer people stay there, the longer the miners can leech their computing power.

Around 90% of the cryptojacking ads used a publicly available CoinHive script. CoinHive is essentially an open source cryptojacking code supplier that takes 30% of the profits when its code is used. Sometimes the cryptojacking ads would also be doubled up with more conventional malicious ads, inviting people to click and download malware to their computers.

Like most cryptojacking ads, these would stop running once the user closes YouTube or leaves that page. But if they ended up downloading and running the malware version, it might start up again once their computer boots up.

When Ars Technica contacted Google for a comment, it confirmed that cryptojacking through advertisements violates its policies and that it had taken steps to make sure "the malicious actors were quickly removed from our platforms".

A beginner's guide to cryptocurrency


This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Latest cryptocurrency news

Picture: Shutterstock

Latest crypto guides

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, read the PDS or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms and Conditions and Privacy Policy.
Ask a question
Go to site