Security researchers discovered that advertisements served to YouTube visitors contained code, inserted by anonymous attackers, that hijacked the user’s processor to mine cryptocurrency.

The attack—which can cause a victim’s machine to kick into high gear as the processor works to generate digital currency—hit users around the world, including YouTube viewers in Japan, France, Taiwan, Italy and Spain.

YouTube users took to social media to complain about the issue, noting that the code caused their machines to run less efficiently and overheat. Cybersecurity firm Trend Micro said the advertisements laced with hidden code resulted in three times more detections of cryptomining scripts than normal while the campaign was active.

The advertisements, which were served through Google’s own DoubleClick advertising platform, used scripts that mine for a digital coin called Monero—a cryptocurrency that has gained popularity (and value) due to its process that keeps transactions totally anonymous and effectively untraceable.

In most of the instances, the ads used a script provided by mining software known as CoinHive, one of the most popular scripts for cryptomining. While CoinHive in itself is not intended to be malicious—at least according to its creators—it has gained a reputation for being used in these types of attacks.

CoinHive is one of the most popular tools for cryptojacking, an attack that steals a user’s computing power and uses it to mine profitable cryptocurrencies. Cryptojacking attacks have cropped up in a number of ways online. Some websites have used the tactic to generate income without disclosing the practice to users. Cryptomining code has also been hidden in web browser extensions and other tools that hijack a user’s processor.

Any time a person visits the site, the script kicks in and starts to hijack the processing power of the visitor’s computer, using it to mine for Monero—a task that involves solving complicated mathematical problems in order to process transactions and release additional currency.

Oftentimes, cryptojacking can go unnoticed by a user. The fan on their computer might kick in or they may notice their browser start to feel sluggish, but there is no intrusive behavior that would tip off an individual that their machine is being used to generate cash for someone else. Generally speaking, it is an annoying but not harmful attack—though there have been instances of cryptomining destroying mobile devices.

It’s unclear just how much the attackers have made from the cryptojacking effort through YouTube. Trend Micro managed to link the attack to an individual key, but it is not possible to determine just how much Monero has been mined from the ads.

YouTube has not yet publicly acknowledged the issue, and it is not known if Google has taken action to block or remove the advertisements. In the meantime, some browsers like Opera and antivirus software like Avast have built-in tools to block cryptominers from running without user permission and can serve as a valuable line of defense against such attacks.