A disturbing trend in recent months, as the mining of cryptocurrencies has become less of a one-man concern, and more reliant on larger groups of miners sharing a smaller slice of an admittedly larger pie, is the concept of in-browser mining scripts. These insidious pieces of malware are hidden in the scripting of various websites and install themselves on a users computer whenever they access that site, quietly running away in the background, using that devices processing power to enhance the site owner’s own mining activities. This results in an appreciable slowdown for the end user, and many developers are creating programs to remove these malicious scripts as quickly as they are being created. Notorious torrent search engine The Pirate Bay was caught out using such software shortcuts in both its homepage and the torrents that its users downloaded, a decision that did not go down well with its userbase. Given the somewhat dubious nature of torrent downloads, it is perhaps unsurprising that PTB would consider this as a way to fund their service.Now it seems that a more reputable website – video-streaming behemoth, YouTube – is now starting to implement such measures. In the interest of clarity, it is not YouTube itself, but rather third party advertisers, whose adverts are including a data string that will allow them to harvest visitors’ CPU power into order to mine altcoins . In their defence, YouTube have been quick to act, removing most of these adverts from their platform but, depending on how much success these scripts garnered during their uptime, it can only be a matter of time before this trick is attempted again with a whole new script. The majority of the adverts concerned were installing the same code as the Monero mining scripts that have been utilised so often in the browser mining scripts discussed above. The code managed to make it onto YouTube through a weakness in the Google DoubleClick advertising platform, which was exploited by the scammers. The ads in question all contained JavaScript, which is not uncommon for advertisers on YouTube, but which also allows the malicious code to be secretly included.