The Arrival of Cryptojacking in Google Ads, and What This Means for Users

Cryptojacking started off as something simple. When we first talked about it, it was only malicious webmasters and hackers getting onto the cryptojacking trend. When we last reported on its progress, it had begun to spread to Facebook, where people were sending malicious links via the Messenger feature. At the time we commented on whether or not cryptojacking would become a big part of the cybercriminal world. Unfortunately, it appears that cryptojacking is here to stay, with the newest line of attacks hitting a big target: Google Ads.

How It Spread to Ads

For the past few reports, cryptojacking has been somewhat easy to dodge. Simply stay away from shady sites and don’t accept files from shady Facebook contacts, and you’re all set. However, this recent attack on Google Ads itself poses a much larger problem. Criminals have tried slipping ads with the cryptojacking technology embedded within them into the Google Ads channel. Google Ads make up a large part of our daily online lives, meaning this attack affects a lot of people. In fact, users have already seen ramifications on a top distributor of Google Ads – YouTube.


Recently, users watching YouTube videos have been reporting that the site slows down their computers. The videos also set off virus protection services that claimed that a cryptojacking attack by “CoinHive” was underway. There’s a good reason for this: with YouTube under Google’s domain, the adverts shown before the videos played were serviced by Google Ads. When Google Ads had cryptojacking scripts slid under it, innocent YouTube viewers were witnessing their devices being used as mining rigs for a stranger!

Why Is This Happening?

At the time of writing, the tech world is currently experiencing a gold rush for cryptocurrencies. It’s so bad, even graphics card prices are being driven up as people are buying them en-masse to fit out their mining rigs. Of course, while there are those who earn their coins via respectable methods, there will always be those who try to earn money through illegitimate means!


As long as cryptocurrency is still a major player within the tech world, cryptojacking will be around. It also goes somewhat hand-in-hand with ransomware, another type of malware that saw a spike in activity within late 2017 to early 2018. With hackers diverting their attention away from simply doing damage and into making money off of their victims, cybercrime has become more profitable than ever.

How to Avoid These Attacks


As security companies figure out how people are slipping cryptojacking attacks into Google Ads, hopefully the amount of attacks made on users will be reduced to a more manageable level. For the time being, if you’re worried about your computer coming under attack from a malicious ad, it’s best to ensure your antivirus is up to date and install an ad blocker on your browser. Try to turn it off if you know the site doesn’t use Google Ads. If it does, keep it on while this new attack vector blows over.

Abominable Ads

Once a novel method of attack, cryptojacking has proven that it is now here to stay. With its latest strike on Google Ads, it’s becoming harder to keep yourself safe from a cryptojacking attack. Now you know of cryptojacking’s newest attack vector and how to avoid it.

With companies always telling users to disable ad-blockers, how does the fact that ads are now being used as attack vectors make you feel? Let us know below.

Simon Batt Simon Batt

Simon Batt is a Computer Science graduate with a passion for cybersecurity.


  1. “Try to turn it off if you know the site doesn’t use Google Ads.”
    If I were just to visit only a few sites repeatedly, that might work. But since I visit new sites daily, by the time I find out if a site is using Google Ads, it will be too late. Also, how am I supposed to know if a white-listed site decides to begin using Google Ads? Then there is the fact that ads are used to deliver other crap- and mal-ware. It is much more secure if I block all ads.

  2. I have disabled Ublock Origin and I’m now using the special hosts file written by Steven Blacks:
    Do you think it is reliable also against these “abominable” Google Ads?

  3. What dragonmouth said. And not only is it more secure when all ads are blocked, the browsing experience is far, far better without having to see all those annoying, intrusive ads all the time.

    “with YouTube under Google’s domain, the adverts shown before the videos played”
    There are ads before YouTube videos? Interesting…I don’t believe I’ve ever seen such a thing. Perhaps my ad blocker is working better than I thought :-)

    “With companies always telling users to disable ad-blockers, how does the fact that ads are now being used as attack vectors make you feel?”
    Doesn’t change my feelings one iota. My ad blocker is set to block everything possible and I never disable it. If a web site complains about me using an ad blocker, I simple ignore the whining, dismiss the pop-up window and continue reading/watching whatever I came to the site for. If a site refuses to allow me to continue without disabling the ad blocker, I simply immediately leave the site…there isn’t any content on the web worth even the minuscule effort of disabling the ad blocker or whitelisting the site. And as dragonmouth pointed out, whitelisting a web site is an extremely bad idea…just because the site is OK today doesn’t mean that it’ll be OK tomorrow, or the next day, or …

    Nope, allowing ads through is a bad idea, and apparently one that is getting worse by the day.

    1. ” If a web site complains about me using an ad blocker”
      The mods and/or writers on some site threaten that “if the visitors do not disable their ad-blockers, the site will have set up a pay-wall”. My response is “Go ahead and see how many (few) visitors you get then.”

Comments are closed.