Some smart crooks found a way to embed the Coinhive in-browser miner in ads served through the Google DoubleClick ad delivery platform.
Ads delivered this way made their way onto countless sites, and even onto Google's own property, YouTube.
A Trend Micro report released today claims the crooks behind this campaign started abusing Google's DoubleClick platform to deliver the Coinhive in-browser miner around January 18 and significantly ramped up operations on January 23.
The chart above shows Coinhive detections for this malvertising campaign abusing Google DoubleClick.
The huge spike represents the moment when crooks decided to deliver the Coinhive-tainted ads on YouTube, the world's largest video hosting platform.
Great now my browser every time I watch youtube... my anti virus always blocking coinhive because malware. Idk much about it but this is getting annoying and I need a solution please T n T — Arung (@ArungLaksmana) January 23, 2018
The same for me. Maybe youtube is using coinhive . com ? pic.twitter.com/GUSItBp1tM — Neretva (@neretva2010) January 24, 2018
After Coinhive's initial success, various similar services have also launched online. These services operate by taking a small cut of the cryptocurrency that website owners mine using their visitors' PCs.