Introduction

I read the article by @shahzaibmunawar recently when i was checking #youtube tagged posts here. His article does a good job of bringing attention to a threat that exists on youtube that has not been given much attention before. His post is here

Elsagate connection?

I was a little familiar with cryptojacking when I was looking into #elsagate and exploring the reasons behind it's massive widespread presence o youtube. I even stumbled upon a possible solid explanation for it's popularity, being that part of #elsagate 's motivation was to mine cryptocurrencies through the playback of the #elsagate content videos via youtube.

It's a pretty windy path to come to this conclusion but please bare with me as I show you how I first encountered #elsagate and #cryptojacking overlapping each other.

1) Paw patrol video containing hashtags amongst the gibberish stream in the comment section

2) Simple google search returns 2x results for that hashtag

Clicking between the links seemed to do exactly the same thing, open a new window and redirect me to the elsagate video content on youtube. Perhaps someone far more proficient than me at this sort of thing could elucidate me further on what is actually happening.

3) Looking into bitcoinsmining[.]ru a bit further!

4) Looking into similar cryptojacking



This youtube video was unlisted and i came across it completely by chance using search terms I can't remember anymore.

So you can see it's not that far fetched an explanation when just a few months ago, the MSM was making it known that such cryptojacking script and programs existed. This article written last December details how facebook is affected by it. If you search you will more articles warning of the dangers caused by malicious cryptocurrency mining scripts embedded into webpages and advertisements.

Cryptoloot[.]us

I am always trying to learn more regarding the blockchain and cryptocurrencies so I spend a fair bit of time researching the latest news regarding the same. It was only last week when I stumbled upon cryptoloot[.]us.

From the layout of the website, crappy use of written english and how unstraightforward the explanations offered were, I knew it was some sort of fakery or scam. It wasn't until I read the Arsetechnica article linked below that I realised cryptoloot[.]us could be the culprit behind this.

It finally made sense to me that Cryptoloot[.]us is likely behind the cryptojacking scripts infesting youtube that have been recently reported about.

And each click I took just made it seem more obvious;

CRYPT Coin

No clue about what is going on in this chart. Or on in this chart.

In Summary

If you are going to be visiting those places online where almost all the world goes, be wary of the manifold methods that exist to screw you over.

Look forward to reading any comments below on how to better notice, avoid and stop getting cryptojacked online.

Oh and if you plan on going here (I didn't, too scared), please use plenty of protection.