Several users warned of the problem by noticing how their antivirus blocked the mining programs-specifically, Coin-hive hidden in the code of YouTube ads.
The Double Click ad platform has apparently been the victim of a cyber attack that allowed crackers to take advantage of these ad insertion codes to integrate the Coin-hive client that allows mining Monero Cryptocurrency (XMR) very valued for its anonymity and privacy- without users noticing anything.
The Trend Micro researchers indicated that they had noticed a 200% growth in the presence of “web miners” referring to this type of process. Most of these processes make use of the Coin-hive client, but 10% of the detected cases referred to the attackers’ own code, which prevented them from having to assign 30% of the income obtained with their script to Coin-hive.
Google officials have issued a statement that “cryptocurrency mining through ads is a relatively new form of abuse of the service that violates our policies, and we are actively observing it.”
Several antivirus clients have for some time had extra features to detect this type of “web mining” processes, and although these clients do take advantage of the hardware resources of our devices to make cryptocurrency mining, at the moment there are no signs that indicate that These clients install ransomware or other malware.