Showtime, a premium cable, satellite, and streaming television service owned by CBS, included JavaScript on two of its domains that used users' web browsers to mine the cryptocurrency Monero:
The websites of US telly giant CBS's Showtime contained JavaScript that secretly commandeered viewers' web browsers over the weekend to mine cryptocurrency.
The flagship Showtime.com and its instant-access ShowtimeAnytime.com sibling silently pulled in code that caused browsers to blow spare processor time calculating new Monero coins – a privacy-focused alternative to the ever-popular Bitcoin. The hidden software typically consumed as much as 60 per cent of CPU capacity on computers visiting the sites.
The scripts were written by Code Hive, a legit outfit that provides JavaScript to website owners: webmasters add the code to their pages so that they can earn slivers of cash from each visitor as an alternative to serving adverts to generate revenue. Over time, money mined by the Code-Hive-hosted scripts adds up and is transferred from Coin Hive to the site's administrators. One Monero coin, 1 XMR, is worth about $92 right now.
However, it's extremely unlikely that a large corporation like CBS would smuggle such a piece of mining code onto its dot-coms – especially since it charges subscribers to watch the hit TV shows online – suggesting someone hacked the websites' source code to insert the mining JavaScript and make a quick buck.
The JavaScript, which appeared on the sites at the start of the weekend and vanished by Monday, sits between HTML comment tags that appear to be an insert from web analytics biz New Relic. Again, it is unlikely that an analytics company would deliberately stash coin-mining scripts onto its customers' pages, so the code must have come from another source – or was injected by miscreants who had compromised Showtime's systems.
Also at PCMag.
(Score: 4, Interesting) by edIII on Thursday September 28 2017, @08:43AM
Dude, I wasn't talking about every single page. It could be a link to the side where you can voluntarily load the dedicated page with the mining script. I would browse articles and comments in other tabs without JS.
Injecting code into every page would be overkill. Once per session is fine, and the dedicated page allows you to decide when you're contributing or not. Takyon had the right idea though, but it wouldn't be a bad idea to have a howto link in our profiles with the code ready for download and customization. Then I can run it from my own webserver, or just load it up locally.
I wasn't suggesting work computers or servers. Although, I have enough authority to do so anyways. For that matter, any virtual instances are already paid for. It makes no difference whether you did a full processing load or not, you're still charged for it in that second. Power, CPU, GPU, all rolled into one rate per second. On those machines, it literally makes no sense to not take advantage of the processing cycles. Of course, these are on my own servers. For clients I would never install and run unauthorized code in the first place.
Technically, lunchtime is at any moment. It's just a wave function.