Note: This post has been moved from Latest Picks due to length of extended updates.
Hackers invade YouTube ads to mine cryptocurrency (pcmag.com).
[Last] week, ads over YouTube carried a sneaky surprise: a cryptocurrency miner. The mining software briefly invaded the video platform in an attempt to secretly siphon the computing power from any YouTube viewers who encountered the ads.
Something you may have noticed your antivirus software of choice picking up on more and more with Javascript files flagged as malware with a JS. prefix in slightly dodgy monetised, or just damn right hacked and monetised malicious sites of late, your desktops graphics card being particularly suited for cryptocurrency mining (kaspersky.com, Jul. 2017) and reminding that some still do imagine low virtual horsepowered in relation ’Droid and iDevices still havn’t quite took over the virtual online landscape just yet and perhaps never completely will.
And the “culprit” being those banking on Monero, the new “black market digital currency that’s going mainsteam (lifehacker.com), as being their road to virtual Eldorado:
The culprit? Hackers who decided to abuse Google’s ad network. The bad actors seeded the advertisements with web scripts that’ll run over your browser to mine the digital currency Monero. … Twitter users noticed the problem too. They’ve posted screenshots of their antivirus software detecting the mining scripts.
But it didn’t last long, Google blocking the ads within two hours and the “bad actors” removed from “Goodle’s platforms”.
“Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively,” a [YouTube/Google] spokesperson said on Friday in an email.
Mining of course comes at a cost, and one those viewing content with the mining script bare:
It can hog your PC’s computer resources, and drag down the performance. In this case, the mining scripts in the YouTube scheme were configured to siphon 80 percent of the PC’s computing power, Trend Micro said.
Resulting in #stankface and angry shaking of ’Droid phone waiting for Busta “now rather slow” Rhymes to get through a rap; but while such scripts usually require a botnet of infected computers and go for $500 to $2,000 on invite only Dark net forums (krebsonsecurity.com, Dec. 2017).
But that was not the source in this case, with it noted the spate of hijacked websites and even Chrome browser extensions seeded with scripts that mine the digital currency Monero:
Many of these hacks all have something in common: they’ve relied on a service called Coinhive to do the mining. Since Sept, Coinhive has been offering a Javascript Monero miner that anyone can register to use and slip into a website. In return, Coinhive takes a 30 percent cut. Wednesday’s YouTube scheme pulled from the same playbook; it too used a Coinhive script in about 90 percent of the ads served. The remaining ads employed a private web miner.
Said Coinhive script becoming widespread and seemingly still downloadable but the Coinhive Javascript library domain now blocked by most antivirus software:
So far, Coinhive hasn’t commented on the YouTube scheme. But its mining script has become widespread. Many anti-virus vendors including Trend Micro are starting to rank it as among the most pervasive malware threats circulating on the web.
Indeed, seemingly becoming the profitable “pervasive malware threat” the Ransomware that has dominated the malware beat was for the last few years:
After WannaCry and NotPetya, ransomware dwindled in 2017 (cnet.com).
Hackers are also still innovating. Adam Kujawa, director of malware intelligence at Malwarebytes, said the biggest trend he observed in December was the rise of “crypto-jacking.” That's when websites you visit secretly use your computer’s processing power to run a program that creates bitcoins.
And sensing that cryptocurrencies, if not scams them self are at least more often used then said currency itself to propagate get rich quick scams:
Facebook is banning all ads promoting cryptocurrencies—including bitcoin and ICOs (recode.net).
Facebook is banning all ads that promote cryptocurrencies, including bitcoin, in an effort to prevent people from advertising what the company is calling “financial products and services frequently associated with misleading or deceptive promotional practices.”
Being increasing noted that:
Cryptocurrency scams are just straight-up trolling at this point (wired.com).
[Lithuanian cryptocurrency startup] Prodeum asked investors to help raise as much as 5,400 ether—roughly $6.5 million—in an ICO. But after collecting what looks like less than the price of two Chipotle burritos, Prodeum disappeared. The company’s sparkly, professional-looking website was replaced with a single, trolling word: penis.
![Your rich neighbor might [be] using this Bitcoin hack](/blog/images/mb/2017/12/bitcoin-hack-ad.jpg "Your rich neighbor might [be] using this Bitcoin hack")
Indeed, and either you or said neighbour is a “rich” monkeys uncle.
Updated 22nd February 2018
And seemingly corresponding with poll results so far—have your vote to see see and indeed perhaps change those results.
Bitcoin, titcoin, ponzicoin: jokes and scams fuel a cryptocurrency gold rush (theguardian.com).
Ponzicoin is the perfect emblem of the crypto gold rush. As bitcoin and other more established currencies have soared in value over the last year, there’s been a flood of interest from investors and speculators hoping to become the next crypto millionaires. That surge of interest has been matched by an explosion of alternative cryptocurrencies, known as altcoins, ranging from legitimate ways to invest in companies to outright scams.
Including “Jesuscoin”, “Bananacoin”, “Putincoin”, “Potcoin”, and “Titcoin”. Beyond the joke and meme potential, how could these be taken seriously enough for people to risk their money investing in something unregulated and open to such blatant shilling?
“In stocks everyone uses Bloomberg, but in crypto it’s Reddit and Twitter,” [cryptocurrency investor Chris Koerner said].
Social media platforms fuel the speculation, with anonymous tipsters operating huge “pump and dump” schemes in which they pick a low-volume coin and encourage a group of people to buy into it to inflate the price, encouraging others to pile in, and then sell at a profit. Only a small proportion of those involved in the pump and dump scheme will make any money.
And shamelessly some technocrats of social media should either know better or perhaps should be wondered if they are part of the “pumping”:
@jack being the official account of hipster bearded Twitter CEO Jack Dorsey. And no, he’s not been hacked, but perhaps showing where he’s speculating to help Twitter if the first time Twitter made a profit in its 12 year history (telegraph.co.uk, 8th Feb. 2018) by cutting costs cannot be repeated with falling sign ups and usage and what is actually looking to be control by Russian troll factory version of elect a president Candid Camera (washingtonpost.com).
And yes, he now demands your phone number so he knows he can “trust you” when you sign up.
As for those “shitting a virtual brick as email says contract put on my life unless pay 2 grand in BogusCoin by Wednesday”:
Bitcoin thieves threaten real violence for virtual currencies (nytimes.com).
In New York City, a man was held captive by a friend until he transferred over $1.8 million worth of Ether, a virtual currency second in value only to Bitcoin.
Similar events leading to conference for 170+ “leaders” in the virtual currency industry held in Cancun, Mexico where a security force had to be brought to to protect guests from criminals keen to pinch their virtual currency wallets along with anything else gripped in firm cholo shakedown while they were in attendance:
During the group discussion at the conference, attendees talked about having a “duress wallet” at home that can be handed over to throw an assailant off the trail of a bigger fortune, as well as several other security measures that can be used to deal with the threat.
Leading on to inevitable all-American tips to “go dark” by not providing real world address to anyone and picking up deliveries from a PO box and to “protect your software with hardware” in the form of assault rifles and something .357 caliber that can be quickly gripped under your pillow in the heat of the moment.
Updated 26th February 2018
Elon Musk just revealed the surprising amount of Bitcoin he owns (time.com).
Entrepreneur and engineer Elon Musk-man whose name is synonymous with boundary-pushing companies like Tesla and SpaceX—just revealed how much Bitcoin he owns. And it’s not a lot.
Indeed, being fuck all:
“I literally own zero cryptocurrency, apart from .25 BTC that a friend sent me many years ago,” Musk said in a tweet on Thursday. That’s about $2,552.42 as of Friday afternoon (Bitcoin values fluctuate constantly).
Small change to a chap worth $21.4 billion according to the Bloomberg Billionaire Index. But Musk’s tweet was in response to a Twitter user asking why so many spammers—or speculators—were impersonating Musk with cryptocurrency scams—or exciting “my first Bitcoin” testimonials, reading us back to Twitter CEO Jack Dorsey:
“What’s with all the ETH spam?” a user asked, referring to the cryptocurrency Ethereum.
“Not sure,” Musk responded. “I let [Jack Dorsey, CEO of Twitter] know, but it’s still going.”
Yeah, “pumping” Jack dragging his feet with that one.
Updated 3rd March 2018
And having given his impression of exactly what Brexit will do for the wallets of Lil’ English in midlife crisis desperate to get their sovereignty back (theguardian.com, Feb. 2018), Bank of England chief chappy seeming selects either “speculative bubble that will soon burst ” or “pyramid scheme ripe for scammers of ever kind” option in poll:
Bank of England Governor Mark Carney: The only way to make money from bitcoin is to find a greater fool than you (mirror.co.uk).
Bank of England Governor Mark Carney has launched a scathing attack on cryptocurrencies such as bitcoin, and called for them to be held to the “same standards as the rest of the financial system”.
In a speech delivered to the Inaugural Scottish Economics conference in Edinburgh, Carney branded cryptocurrencies a “failure”, a lottery and said they exhibit the “classic hallmarks of bubbles” that attract “fools”.
Ouch!
Updated 14th March 2018
And as Facebook banned, Google does too:
Google is banning all bitcoin, ICO, and cryptocurrency ads from June (uk.businessinsider.com).
Scott Spencer, Google’s Director of Sustainable Ads, said in a blog post on Wednesday that the company has “updated several policies to address ads in unregulated or speculative financial products like binary options, cryptocurrency, foreign exchange markets and contracts for difference (or CFDs).”
And that we should just snake oil from their AdSense adverts instead, which you too could sign up with to “monetize” your web presense.
Recent/related stories
- Fixes rushed out for Meltdown and Spectre chip exploits (Blog 5th January 2018)
- Bitcoin lands on Wall Street, but will the landing finally burst the cryptocurrency bubble? (Latest Picks 12th December 2017)
Page: prev. | 1 | next