Cybersecurity researchers have discovered suspicious activities on YouTube leading to the exposé that the video streaming service has been used by cryptocjackers. According to cybersecurity firm Trend Micro, the attackers behind Coinhive took advantage of advertisements to hijack a YouTube viewer's CPU.
"Attackers abused Google's DoubleClick, which develops and provides internet ad serving services, for traffic distribution," says Trend Micro in a blog post on Friday.
Also read: South Korea to ban anonymous crypto trading
The said cryptojacking was first noticed early last week after some complaints sprouted through social media that YouTube ads were raising red flags in anti-virus software. Coinhive reportedly hijacked CPUs and used its power to mine cryptocurrency.
The cybersecurity firm has confirmed the slight increase in Coinhive use around the same time through a "malvertising campaign" that overrode DoubleClick on YouTube. Countries affected in the incidents include France, Spain, Italy and Japan.
Also read: Malicious Google Chrome extensions found affecting over half million users
Google, meanwhile, has confirmed the malicious campaign, saying "in this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms".
However, Trend Micro's report suggests that "an increase in traffic to five malicious domains" from Google's ad service began on or before January 18. It intercepted the campaign on January 24 and there was already 285 per cent increase observed in the number of Coinhive miners.
Google has not responded to Trend Micro's claim at the time of writing.