YouTube Advertisements Deliver Cryptocurrency-Mining Script
NJCCIC Alert
Original Release Date: 2018-02-01
Researchers at Trend Micro discovered a new malvertising campaign that leverages Google’s DoubleClick platform to embed Coinhive mining scripts in YouTube advertisements. The cryptocurrency campaign, which utilizes Coinhive and a private mining script, was detected after researchers observed a dramatic increase in Coinhive activity attributed to five malicious domains. The activity was also detected by antivirus programs when users attempted to view YouTube videos. To date, countries impacted by these malicious ads include Japan, France, Taiwan, Italy, and Spain.
The NJCCIC recommends users review Trend Micro’s report for associated Indicators of Compromise (IoCs) and consider installing a reputable ad-blocking, script-blocking, and coin-blocking extension in their browsers. Additionally, we recommend keeping software up-to-date and applying patches as soon as they are released.
Featured Content
- Pulse Connect Secure Vulnerabilities Are Actively Being Exploited>
- Phishing Campaigns Attempt to Steal Credentials for Cloud Services>
- Geico Hack Impacts Residents in 8 States>
- SonicWall Email Security Vulnerabilities Are Actively Being Exploited>
- New Critical Vulnerabilities in On-Premises Microsoft Exchange Servers>
- Threat Actors Abuse Contact Forms in Recent Malware Campaigns>
- Google Chrome Vulnerabilities Exploited in the Wild – Patch Now>
- Increase in Ransomware Attacks Targeting Education Sector>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.