YouTube Advertisements Deliver Cryptocurrency-Mining Script

Researchers at Trend Micro discovered a new malvertising campaign that leverages Google’s DoubleClick platform to embed Coinhive mining scripts in YouTube advertisements. The cryptocurrency campaign, which utilizes Coinhive and a private mining script, was detected after researchers observed a dramatic increase in Coinhive activity attributed to five malicious domains. The activity was also detected by antivirus programs when users attempted to view YouTube videos. To date, countries impacted by these malicious ads include Japan, France, Taiwan, Italy, and Spain. The NJCCIC recommends users review Trend Micro’s report for associated Indicators of Compromise (IoCs) and consider installing a reputable ad-blocking, script-blocking, and coin-blocking extension in their browsers. Additionally, we recommend keeping software up-to-date and applying patches as soon as they are released.