On Friday, the fact-checking website PolitiFact was found to hog its visitors' CPU cycles by using maliciously added JavaScript to mine the cryptocurrency Monero:
A fact-checking website was hacked to mine cryptocurrency over the internet browsers of its unsuspecting visitors. The Pulitzer Prize-winning website, PolitiFact, is devoted to sorting out the truth in US politics. But on Friday, it was found secretly hogging the computer resources of those who visited the site.
Independent security researcher Troy Mursch tweeted about the issue after noticing signs of a cryptocurrency miner in the website's code.
[...] Mursch said the code comes from a company called Coinhive, which developed a controversial cryptocurrency miner to help businesses find a new way to generate online revenue.
However, the Coinhive miner tends to be used in sketchy websites that pirate content or offer porn, according to AdGuard, an ad-blocking service. These sites often struggle to make money from online advertising, so they have to experiment with new ways to make money. AdGuard found 220 websites using a cryptocurrency mining code in a study it released on Thursday.
Does this count as good or bad press for a small-time cryptocurrency?
Also at TechCrunch, The Register, and Cryptovest. Coinhive blog statement from September regarding malicious use.
Previously: Showtime Streaming Service Included JavaScript to Mine Cryptocurrency Using Web Browsers
Related Stories
Showtime, a premium cable, satellite, and streaming television service owned by CBS, included JavaScript on two of its domains that used users' web browsers to mine the cryptocurrency Monero:
The websites of US telly giant CBS's Showtime contained JavaScript that secretly commandeered viewers' web browsers over the weekend to mine cryptocurrency.
The flagship Showtime.com and its instant-access ShowtimeAnytime.com sibling silently pulled in code that caused browsers to blow spare processor time calculating new Monero coins – a privacy-focused alternative to the ever-popular Bitcoin. The hidden software typically consumed as much as 60 per cent of CPU capacity on computers visiting the sites.
The scripts were written by Code Hive, a legit outfit that provides JavaScript to website owners: webmasters add the code to their pages so that they can earn slivers of cash from each visitor as an alternative to serving adverts to generate revenue. Over time, money mined by the Code-Hive-hosted scripts adds up and is transferred from Coin Hive to the site's administrators. One Monero coin, 1 XMR, is worth about $92 right now.
However, it's extremely unlikely that a large corporation like CBS would smuggle such a piece of mining code onto its dot-coms – especially since it charges subscribers to watch the hit TV shows online – suggesting someone hacked the websites' source code to insert the mining JavaScript and make a quick buck.
The JavaScript, which appeared on the sites at the start of the weekend and vanished by Monday, sits between HTML comment tags that appear to be an insert from web analytics biz New Relic. Again, it is unlikely that an analytics company would deliberately stash coin-mining scripts onto its customers' pages, so the code must have come from another source – or was injected by miscreants who had compromised Showtime's systems.
Also at PCMag.
The news outlet Salon is allowing Adblock-using visitors to opt-in to using the JavaScript-based Coinhive tool to mine the cryptocurrency Monero:
Other sites have used cryptocurrency mining in lieu of (or in addition to) advertising. Sometimes, it's done surreptitiously without users' consent — The Pirate Bay admitted to secretly adding Coinhive integration last year, and hackers have planted mining malware on other sites. In this case, it's an opt-in program; a spokesperson tells FT that testing started on Monday.
Salon has an FAQ explaining this move.
Also at Ars Technica.
Related: Showtime Streaming Service Included JavaScript to Mine Cryptocurrency Using Web Browsers
PolitiFact Hacked to Mine Cryptocurrency Using Visitors' Web Browsers
Wi-Fi at Starbucks Buenos Aires Has Computers Mine Crypto-Currency
Bitcoin Hype Pushes Hackers to Lesser-Known Cryptocurrencies
Thousands of Websites Hijacked by Hidden Crypto-Mining Code After Popular Plugin Pwned
(Score: 4, Insightful) by crafoo on Sunday October 15 2017, @12:26PM (6 children)
Javascript was a mistake.
(Score: 4, Interesting) by takyon on Sunday October 15 2017, @12:30PM (4 children)
Visitors consented to running that cryptocode by a.) visiting the website and b.) having JavaScript turned on. No mistakes were made!
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Sunday October 15 2017, @12:42PM
Let me pimp your butt... oh! Without a day, without a day, ah ha haaaaa!
(Score: 1) by HyperQuantum on Sunday October 15 2017, @11:58PM (2 children)
Most people don't even know that something like Javascript actually exists, let alone that it can be turned off.
(Score: 2) by takyon on Monday October 16 2017, @02:54AM (1 child)
If they don't feel it, they do consent!
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Monday October 16 2017, @09:17AM
Interesting argument.
Recently we had here a story about a camera in a bnb bedroom, hidden in a smoke detector. [soylentnews.org] Applying your logic to that case, we have to conclude that all those who didn't notice the camera (and thus were not aware of its existence) did consent to the recording.
(Score: 1, Interesting) by Anonymous Coward on Sunday October 15 2017, @01:51PM
How often you find a site that doesn't load properly without javascript... to only find static content on that site after you activate it.
(Score: 1, Interesting) by Anonymous Coward on Sunday October 15 2017, @12:59PM (1 child)
Or just installed, a lot of people including webmasters are looking for alternatives to ads, coinhive may not be the solution but trying to find an ad alternative is not a bad thing.
Also Javascript was not a mistake it was an intentional failure, people where discussing it as a vector and a problem from day 1, back in the olden days when we all wore onions and got shoes in shelbbyville people had contempt for javascript also of microsoft certification but times change and now people are stupider.
(Score: 2) by maxwell demon on Sunday October 15 2017, @03:17PM
I still remember the days when you could configure your browser so that it warns you whenever information (other than the URL) was sent to the web site.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 3, Insightful) by bornagainpenguin on Sunday October 15 2017, @04:18PM (1 child)
It's an amazing coincidence how often that truth tends to resemble Democrat platform talking points. Even to the point of splitting hairs...Amazing!
(Score: 4, Interesting) by Arik on Sunday October 15 2017, @05:41PM
Everyone has a bias, and not all bias is conscious.
So far as I'm concerned it's actually encouraging to see the left-wing media acknowledge that facts are important. Many of them seem to be 'over that.'
If laughter is the best medicine, who are the best doctors?