date 2014-10-17
from the class-action-lawsuit dept.
On Friday, the fact-checking website PolitiFact was found to hog its visitors' CPU cycles by using maliciously added JavaScript to mine the cryptocurrency Monero:
A fact-checking website was hacked to mine cryptocurrency over the internet browsers of its unsuspecting visitors. The Pulitzer Prize-winning website, PolitiFact, is devoted to sorting out the truth in US politics. But on Friday, it was found secretly hogging the computer resources of those who visited the site.
Independent security researcher Troy Mursch tweeted about the issue after noticing signs of a cryptocurrency miner in the website's code.
[...] Mursch said the code comes from a company called Coinhive, which developed a controversial cryptocurrency miner to help businesses find a new way to generate online revenue.
However, the Coinhive miner tends to be used in sketchy websites that pirate content or offer porn, according to AdGuard, an ad-blocking service. These sites often struggle to make money from online advertising, so they have to experiment with new ways to make money. AdGuard found 220 websites using a cryptocurrency mining code in a study it released on Thursday.
Does this count as good or bad press for a small-time cryptocurrency?
Also at TechCrunch, The Register, and Cryptovest. Coinhive blog statement from September regarding malicious use.
Previously: Showtime Streaming Service Included JavaScript to Mine Cryptocurrency Using Web Browsers
Showtime, a premium cable, satellite, and streaming television service owned by CBS, included JavaScript on two of its domains that used users' web browsers to mine the cryptocurrency Monero:
The websites of US telly giant CBS's Showtime contained JavaScript that secretly commandeered viewers' web browsers over the weekend to mine cryptocurrency.
The flagship Showtime.com and its instant-access ShowtimeAnytime.com sibling silently pulled in code that caused browsers to blow spare processor time calculating new Monero coins – a privacy-focused alternative to the ever-popular Bitcoin. The hidden software typically consumed as much as 60 per cent of CPU capacity on computers visiting the sites.
The scripts were written by Code Hive, a legit outfit that provides JavaScript to website owners: webmasters add the code to their pages so that they can earn slivers of cash from each visitor as an alternative to serving adverts to generate revenue. Over time, money mined by the Code-Hive-hosted scripts adds up and is transferred from Coin Hive to the site's administrators. One Monero coin, 1 XMR, is worth about $92 right now.
However, it's extremely unlikely that a large corporation like CBS would smuggle such a piece of mining code onto its dot-coms – especially since it charges subscribers to watch the hit TV shows online – suggesting someone hacked the websites' source code to insert the mining JavaScript and make a quick buck.
The JavaScript, which appeared on the sites at the start of the weekend and vanished by Monday, sits between HTML comment tags that appear to be an insert from web analytics biz New Relic. Again, it is unlikely that an analytics company would deliberately stash coin-mining scripts onto its customers' pages, so the code must have come from another source – or was injected by miscreants who had compromised Showtime's systems.
Also at PCMag.
(Score: 2) by crafoo on Sunday October 15, @12:26PM (2 children)
Javascript was a mistake.
(Score: 2) by takyon on Sunday October 15, @12:30PM (1 child)
Visitors consented to running that cryptocode by a.) visiting the website and b.) having JavaScript turned on. No mistakes were made!
(Score: 0) by Anonymous Coward on Sunday October 15, @12:42PM
Let me pimp your butt... oh! Without a day, without a day, ah ha haaaaa!
(Score: 0) by Anonymous Coward on Sunday October 15, @12:59PM
Or just installed. A lot of people, including webmasters, are looking for alternatives to ads; Coinhive may not be the solution, but trying to find an ad alternative is not a bad thing.
Also, JavaScript was not a mistake; it was an intentional failure. People were discussing it as a vector and a problem from day 1. Back in the olden days, when we all wore onions and got shoes in Shelbyville, people had contempt for JavaScript, also of Microsoft certification, but times change and now people are stupider.
