Visitors of a prominent US website Politifact fell victim to a malicious cryptocurrency miner embedded in the site's code. Between Wednesday and Friday afternoon, CPU resources of unsuspecting readers were redirected to mine cryptocurrency. The incident is part of a wave of subversive cryptocurrency mining scripts taking over millions of browsers.
Politifact, a website dedicated to uncovering the truth in US Politics, got wind of the hack via social media. Troy Mursch, an independent security researcher, became aware of signs of cryptocurrency mining in the site's code. He shared a tweet saying:
Reportedly, visiting the website upped CPU system usage by more than 90 percent. Administrators of the Pulitzer prize-winning website took down the miners, and apologized to readers over email:
"We identified and removed the source of the problem. We are reviewing how malicious code got on the site and taking necessary steps to secure the site from future bad actors."
It is hard to tell apart which ones are intentionally planted or malicious. Pirate Bay came out clean on its miners, describing their move as a test for alternative revenue model to traditional banner ads.
CoinHive, the company that developed the miners is adamant their product is alternative revenue generating model for online businesses. A statement from the official blog read in part:
"We're a bit saddened to see that some of our customers integrate Coinhive into their pages without disclosing to their users what's going on, let alone asking for their permission.We hope we can convince website owner to integrate the miner in a way that is more meaningful and honest to their users."
But the actions of website operators are beyond the company's control. Stealth mining as an alternative approach is even harder to spot.
It is still not clear who planted the miners on PolitiFact's website. For now, people can use ad blockers to protect sites from unknown scripts or cross check with blacklists of known malicious scripts.