Threat Management, Threat Management

CBS’s Showtime sites silently used Monero Miners on user’s browsers

CBS's Showtime is the latest site to silently mine Monero cryptocurrencies off of the systems of unsuspecting users in the latest trend of cryptocurrency miner infections.

Between this weekend and Monday, and had hidden JavaScript that secretly commandeered viewers' web browsers and consuming as much as 60 per cent of their CPU capacity before the media company silently pulled the code, according to the Register.

It is unclear whether or not the code was used intentionally by Showtime or put in place by a threat actor. The script was spotted between HTML comment tags that appear to be an insert from web analytics company New Relic who told the publication it had nothing to with the mystery code.

"We take the security of our browser agent extremely seriously and have multiple controls in place to detect malicious or unauthorized modification of its script at various points along its development and deployment pipeline," New Relic's Andrew Schmitt said. "Upon reviewing our products and code, the HTML comments shown in the screenshot that are referencing newrelic were not injected by New Relic's agents."

Schmitt said it appears the code was added to the website by its developers. Showtime declined to comment on the issue.

Last week, Pirate Bay was caught intentionally using the same Coinhive Javascript cryptocurrency miner on their visitor's CPUs in an attempt to wean themselves from being dependent on ad revenue.

This method of using silent cryptocurrency miners may be one of the sneakiest ways to accumulate money and is even more secure for the criminal than attacking with ransomware infections, Webroot Senior Threat Research Analyst Tyler Moffitt told SC Media.

“We don't know for sure yet if this was orchestrated by Showtime as an experiment or if they were hacked,” Moffitt said. “Either way, this Coinhive JavaScript is brand new and will be adopted by criminals (maybe even ad services).”

Moffitt added that hackers can now make money simply by injecting ads or streaming services to steal processing power and to mine cryptocurrency instead of to infect people with ransomware.

“Coinhive needs to require an explicit opt-in from the end user to run the mining script,” he said. “However, until they do so, criminals will continue to abuse this new technology.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.