According to a report by technology website Ars Technica, the antivirus red flags continued to appear after users changed the browsers to watch YouTube. The issue only came up when a YouTube video was played. Cyber-security research firm Trend Micro published a blog post on Sunday, saying it detected a 285 percent increase in the number of CoinHive miners on Wednesday, January 24. A deeper look into the problem showed five malicious domains had enjoyed a five-fold increase in traffic since January 18, with Google DoubleClick ads turning out to be the source of traffic.
In a statement to Ars Technica, Google said, "Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we've been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms." It is not apparent which ads were blocked within two hours.