Showtime websites used visitors’ CPUs to secretly harvest cryptocurrency

Brittany A. Roston - Sep 26, 2017, 2:50pm CDT
1
Showtime websites used visitors’ CPUs to secretly harvest cryptocurrency

Over the weekend, Showtime’s website was caught using visitors’ CPUs to mine cryptocurrency without their knowledge, an issue that also recently surfaced at The Pirate Bay. The issue came to light in a tweet made by Twitter user @SkensNet, who pointed toward the offending source code. He tagged Showtime in the tweet, but no reply was forthcoming, and the code remained live for at least several hours following the publicity.

While some people generously gave Showtime the benefit of the doubt and assumed the mining had to do with being hacked, the company’s continued silence on the matter has many speculating that the Coin Hive code was intentionally placed as a potential way to bring in more funds for the company. We won’t know either way until an official statement is made, however.

Coin Hive provides website owners with a way to leverage visitors’ CPUs to harvest the digital currency, but the idea is that the website should ask permission first or, as a bare minimum, should notify visitors that it is happening. Neither was the case with The Pirate Bay, which introduced the code onto its website intentionally as a potential alternative to running ads for revenue. Whether Showtime’s case is due to the same isn’t known.

The code disappeared from Showtime’s website at some point after it was made public by the tweet above, but the company still hasn’t issued any statements about why it was there to begin with. Bleeping Computer published a piece earlier this week showing that the Coin Hive code was running on both the Showtime.com and ShowtimeAnytime.com domains, the latter of which belongs to the company’s relatively new streaming service.

Though many publications have statement requests out with Showtime, it has not responded to any of them. This has fueled speculation that this may have been an experiment on Showtime’s part to test whether this is a viable business model in the future. Not fond of having your CPU hijacked to make someone else money? This Chrome extension will block such attempts.

SOURCE: Bleeping Computer


Must Read Bits & Bytes