It's a Web Mining Odyssey, Part 3: YouTube Falls to Injected Mining Code

Raevenlord · Jan 29, 2018

Web mining's advent was the opening of a veritable Pandora's box when it comes to users' peace of mind while surfing the internet. What started with The Pirate Bay's implementation and ended up with a full-on browser war against these injected, unauthorized hijacks of users' electricity and computing resources has now taken to one of the world's most known and visited websites: YouTube.

Users of YouTube started getting heads-up that something might be wrong due to their antivirus protection kicking off some cryptocurrency mining warnings that seemed to only pop up when users were visiting YouTube. These warnings kept popping up even after a web browser change, and then, on Friday, researchers from TrendMicro touched upon the issue, saying that YouTube's web mining injections had led to a more than three-fold spike in the total number of cryptocurrency web mining warnings. Luckily, the web mining exploit wasn't deployed across the entire world: Trend Micro researchers said that the attackers behind the ads were abusing Google's DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain.

And this was a pretty aggressive miner as well, likely because its injectors knew it would be only a matter of time before their works were discovered (even so, TrendMicro says the miners went live on January 18th). The mining algorithm, which used publicly available Coinhive cryptomining code, hijacked 80% of users' CPU resources for the task - likely a way to reap as many reward as they could before their whole mining system was compromised. The attackers even went to the trouble of deploying a private web mining JavaScript code, so as to save themselves the 30% cut Coinhive takes for usage of its mining algorithms.

In an e-mail sent to The Register, a Google representative wrote:

"Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we've been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms." Which apparently wasn't really the case, as trend Micro reported there where ads whose lifetime exceeded one week before being taken down.

View at TechPowerUp Main Site

CrAsHnBuRnXp · Jan 29, 2018

All the more reason to run an adblocker and script blocker.

erocker · Jan 29, 2018

Greed finds a way.

cdawall · Jan 29, 2018

Cough "friday not frifday" @Raevenlord

the54thvoid · Jan 29, 2018

erocker said:
Greed finds a way.

Always. That's why the world is sack of shit right now.

cryohellinc · Jan 29, 2018

Scum creates scum viruses to generate more scum.

Deleted member 172048 · Jan 29, 2018

I'm really curious what the total amount of bitcoin they managed to get is.

R-T-B · Jan 29, 2018

cryohellinc said:
Scum creates scum viruses to generate more scum.

You could just as easily have just described ads.

The original Coinhive scripts license mandates an opt-out function. Sadly, these abusers don't give two shits about blatantly violating the TOS.

Indra18 · Jan 29, 2018

soo monetizing was monetized ...

Fluffmeister · Jan 30, 2018

Next up... Ivorycoin, it's the same really, but you get bonus points for murdering elephants in the pursuit of money, and you get to sell the ivory too, win win!

R-T-B · Jan 30, 2018

Fluffmeister said:
Next up... Ivorycoin, it's the same really, but you get bonus points for murdering elephants in the pursuit of money, and you get to sell the ivory too, win win!

Send me $50.00 and I'll release a litecoin clone for you called Ivory Coin and give you 25% of the coins as it's founder. Then you can pretend you murdered a metric buttload of elephants.

Me? I just want 50 bucks with no responsibility. And hell, it's just as unique as fucking garlicoin. I made $100 on that shit in two nights earlier.

lexluthermiester · Jan 30, 2018

I have not encountered this. I have a mining blocker plugin and it has shown me no alerts on YouTube. It is possible that whatever ad network YouTube is using might have had a momentary problem. Anyone using an ad-blocker would simply not see the event.
EDIT; This is yet another reason why I block ads without exception.

enxo218 · Jan 30, 2018

CrAsHnBuRnXp said:
All the more reason to run an adblocker and script blocker.

eliminating the symptoms of a disease is not a cure for it

lexluthermiester · Jan 30, 2018

erocker said:
Greed finds a way.

Greed needs to find a way to show ads without being so invasive.

Liviu Cojocaru · Jan 30, 2018

I haven't sen this yet on my PC's, I use adblocker. I'll keep an eye on the resources usage.

Red_Machine · Jan 30, 2018

Liviu Cojocaru said:
I haven't sen this yet on my PC's, I use adblocker. I'll keep an eye on the resources usage.

Yeah, a few times a day I'll take a look at my CPU monitor gadget to see if anything untoward is going on, and if it's unusually loaded I'll check with task manager to see what's taking up the CPU time. It's ridiculous that we have to be so vigilant these days.

R-T-B · Jan 30, 2018

enxo218 said:
eliminating the symptoms of a disease is not a cure for it

The cure is out of our hands unless you have a suggestion?

CrAsHnBuRnXp · Jan 30, 2018

enxo218 said:
eliminating the symptoms of a disease is not a cure for it

Works for me. Im not the one that needs to find the cure. Im the one just taking the medicine trying to stave the disease off.

Liviu Cojocaru · Jan 30, 2018

Red_Machine said:
Yeah, a few times a day I'll take a look at my CPU monitor gadget to see if anything untoward is going on, and if it's unusually loaded I'll check with task manager to see what's taking up the CPU time. It's ridiculous that we have to be so vigilant these days.

These are normal downsides of the continuous evolution of technology imo

enxo218 · Jan 31, 2018

R-T-B said:
The cure is out of our hands unless you have a suggestion?

transparency and regulation of crypocurrency and its transactions could be a start

R-T-B · Jan 31, 2018

enxo218 said:
transparency and regulation of crypocurrency and its transactions could be a start

BTC is already the most transparent currency in existence. I agree about regulation though.

cdawall · Jan 31, 2018

R-T-B said:
BTC is already the most transparent currency in existence. I agree about regulation though.

What regulation do you suggest? One of the main gains of crypto is the government does not control it, less corruption into the pot if you will.

R-T-B · Jan 31, 2018

cdawall said:
What regulation do you suggest? One of the main gains of crypto is the government does not control it, less corruption into the pot if you will.

Mainly better tax reporting at point of exchange.

cdawall · Jan 31, 2018

R-T-B said:
Mainly better tax reporting at point of exchange.

That is not a currency regulation that is just a tax scheme.

R-T-B · Jan 31, 2018

cdawall said:
That is not a currency regulation that is just a tax scheme.

Meh, semantics to me honestly. :laugh:

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

Processor	Intel i9 9900K @5GHz w/ Corsair H150i Pro CPU AiO w/Corsair HD120 RBG fan
Motherboard	Asus Z390 Maximus XI Code
Cooling	6x120mm Corsair HD120 RBG fans
Memory	Corsair Vengeance RGB 2x8GB 3600MHz
Video Card(s)	Asus RTX 3080Ti STRIX OC
Storage	Samsung 970 EVO Plus 500GB , 970 EVO 1TB, Samsung 850 EVO 1TB SSD, 10TB Synology DS1621+ RAID5
Display(s)	Corsair Xeneon 32" 32UHD144 4K
Case	Corsair 570x RBG Tempered Glass
Audio Device(s)	Onboard / Corsair Virtuoso XT Wireless RGB
Power Supply	Corsair HX850w Platinum Series
Mouse	Logitech G604s
Keyboard	Corsair K70 Rapidfire
Software	Windows 11 x64 Professional
Benchmark Scores	Firestrike - 23520 Heaven - 3670

Processor	AMD Ryzen 7 7800X3D
Motherboard	ASUS TUF x670e-Plus Wifi
Cooling	EK AIO 360. Phantek T30 fans.
Memory	64GB G.Skill 6000Mhz
Video Card(s)	Asus RTX 4090
Storage	WD/Samsung m.2's
Display(s)	LG C2 Evo OLED 42"
Case	Fractal Design North
Audio Device(s)	Topping E70 DAC, SMSL SP200 Amp, Adam Audio T5V's, Hifiman Sundara's.
Power Supply	FSP Hydro Ti PRO 1000W
Mouse	Razer Basilisk V3 Pro
Keyboard	Epomaker 84 key
Software	Windows 11 Pro

System Name	Moving into the mobile space
Processor	7940HS
Motherboard	HP trash
Cooling	HP trash
Memory	2x8GB
Video Card(s)	4070 mobile
Storage	512GB+2TB NVME
Display(s)	some 165hz thing that isn't as nice as it sounded

Processor	Ryzen 7800X3D
Motherboard	MSI MAG Mortar B650 (wifi)
Cooling	be quiet! Dark Rock Pro 4
Memory	32GB Kingston Fury
Video Card(s)	MSI RTX 5080 Vanguard SOC
Storage	Seagate FireCuda 530 M.2 1TB / Samsumg 960 Pro M.2 512Gb
Display(s)	LG 32" 165Hz 1440p GSYNC
Case	Asus Prime AP201
Audio Device(s)	On Board
Power Supply	be quiet! Pure POwer M12 850w Gold (ATX3.0)
Software	W10

It's a Web Mining Odyssey, Part 3: YouTube Falls to Injected Mining Code

Raevenlord

News Editor

CrAsHnBuRnXp

erocker

*

cdawall

where the hell are my stars

the54thvoid

Super Intoxicated Moderator

cryohellinc

Deleted member 172048

Guest

R-T-B

Indra18

New Member

Fluffmeister

R-T-B

lexluthermiester

enxo218

lexluthermiester

Liviu Cojocaru

Red_Machine

R-T-B

CrAsHnBuRnXp

Liviu Cojocaru

enxo218

R-T-B

cdawall

where the hell are my stars

R-T-B

cdawall

where the hell are my stars

R-T-B

System Name	cryohellinc PC
Processor	i7-4770k @4.5ghz
Motherboard	MSI Z87 MPOWER
Cooling	Corsair Hydro Series™ H115i
Memory	Corsair Vengeance 16gb @1600mhz
Video Card(s)	MSI Sea Hawk GTX 1080 2100mhz
Storage	3ssd - 64gb (software) ;128 (software + operational system); 256gb - Games + 1TB HDD
Display(s)	PG348Q
Case	Obsidian Series® 750D Full Tower ATX Case
Audio Device(s)	Creative Sound Blaster ZxR + Beyerdynamic DT 990 Pro 250Ω
Power Supply	Antec High Current Pro HCP-1200 1200W
Mouse	SteelSeries Sensei
Keyboard	SteelSeries 6gv2 + custom O-Rings. Using Via PS2 connector
Software	Windows 10 Pro x64

System Name	Pioneer
Processor	Ryzen 9 9950X
Motherboard	MSI MAG X670E Tomahawk Wifi
Cooling	Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans...
Memory	128GB (4x 32GB) G.Skill Flare X5 @ DDR5-4200(Running 1:1:1 w/FCLK)
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5"
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64, other office machines run Windows 11 Enterprise

Processor	AMD Ryzen 7 5700X3D
Motherboard	MSI MAG B550 TOMAHAWK
Cooling	Thermalright Peerless Assassin 120 SE
Memory	Team Group Dark Pro 8Pack Edition 3600Mhz CL16
Video Card(s)	Sapphire AMD Radeon RX 9070 XT NITRO+
Storage	Kingston A2000 1TB + Seagate HDD workhorse
Display(s)	Hisense 55" U7K 4K@144Hz
Case	Thermaltake Ceres 500 TG ARGB
Power Supply	Seasonic Focus GX-850
Mouse	Razer Deathadder Chroma
Keyboard	Logitech UltraX
Software	Windows 11

Processor	Intel core i5 4590s
Motherboard	Asus Z97 Pro Gamer
Cooling	Evercool EC115A 915SP Cpu cooler,Coolermaster [200mm (front and top)+140mm rear]
Memory	Corsair 16GB(4x4) ddr3 CMZ16GX3M4X1600C9(Ver8.16)(XMP)
Video Card(s)	MSI GTX 970 GAMING 4G
Storage	Western Digital WDC WD2001FAS 2TB Black, Toshiba DT01ACA100 1TB
Display(s)	LG Flatron L177WSB
Case	Coolermaster CM Storm Enforcer
Audio Device(s)	Creative A550 Speakers 5.1 channel
Power Supply	SuperFlower Leadex 2 Gold 650W SF-650F14EG
Mouse	PLNK M-740 Optical Mouse
Keyboard	ibuypower GKB100 Gaming Keyboard
Software	Windows 7 Sp1 64 bit

System Name	El Calpulator
Processor	AMD Ryzen R7 7800X3D
Motherboard	AORUS X870E Elite WiFi 7
Cooling	ArcticCooling Freezer 3 360ARGB AIO
Memory	32GB Corsair Vengance 6000Mhz C30
Video Card(s)	MSI RTX 4080 Gaming Trio X @ 2925 / 23500 mhz
Storage	5TB nvme SSD + Synology DS115j NAS with 4TB HDD
Display(s)	Samsung G8 34" QD-OLED + Samsung 28" 4K 60hz UR550
Case	Antec Flux+ 6 ARCTIC P14 PWM PST A-RGB
Audio Device(s)	Marantz PM4001+Fosi P4+2xPolk XT60
Power Supply	be quiet! Pure Power 12 M 1000W ATX 3.0 80+ Gold
Mouse	Logitech G502X Plus LightSpeed Hero Wireless plus Logitech G POWERPLAY Wireless Charging Mouse Pad
Keyboard	Logitech G915 LightSpeed Wireless
Software	Win 11 Pro
Benchmark Scores	Just enough

System Name	Chachamaru-IV \| Retro Battlestation
Processor	AMD Ryzen 9 5900X \| Intel Pentium II 450MHz
Motherboard	ASUS ROG STRIX X570-F Gaming \| MSI MS-6116 (Intel 440BX chipset)
Cooling	Noctua NH-D15 SE-AM4
Memory	32GB Corsair DDR4-3000 (16-20-20-38) \| 512MB PC133 SDRAM
Video Card(s)	nVIDIA GeForce RTX 4070 FE \| 3dfx Voodoo3 3000
Storage	1TB WD_Black SN850 SSD (OS), 3TB Toshiba (Storage), 8TB Seagate FireCuda/2TB WD_Black SN580X (Steam)
Display(s)	Samsung Odyssey G5 27" @ 1440p144 & Dell U2412M @ 1200p60
Case	SilverStone Seta A1 \| Beige box
Audio Device(s)	Creative Sound Blaster AE-7, Edifier speakers, Grado Labs SR80 X headphones \| Sound Blaster AWE64
Power Supply	EVGA Supernova 750 G2 \| 250W ASETEC
Mouse	MX Master 3S\| Microsoft Serial Mouse v2.0A
Keyboard	Vortex Race3 \| Dell AT102W
Software	Microsoft Windows 11 Pro \| Microsoft Windows 98SE