articleStartImage

Visitors of a prominent US website Politifact fell victim to a malicious cryptocurrency miner embedded in the site's code. Between Wednesday and Friday afternoon, CPU resources of unsuspecting readers were redirected to mine cryptocurrency. The incident is part of a wave of subversive cryptocurrency mining scripts taking over millions of browsers.

Politifact, a website dedicated to uncovering the truth in US Politics, got wind of the hack via social media. Troy Mursch, an independent security researcher, became aware of signs of cryptocurrency mining in the site's code. He shared a tweet saying:

Reportedly, visiting the website upped CPU system usage by more than 90 percent. Administrators of the Pulitzer prize-winning website took down the miners, and apologized to readers over email:

"We identified and removed the source of the problem. We are reviewing how malicious code got on the site and taking necessary steps to secure the site from future bad actors."

Similar browser intrusions have been on the rise. Last month, visitors on two showtime websites - showtime.com and showtimeanytime.com - reported covert mining scripts. Some Pirate Bay users uncovered Javascript-based bitcoin miners while browsing some pages in late September. As far as Nairobi, East Africa, tabloid blogs were busted dramatically draining CPU usage.

Script miners are pieces of code written in Javascript. Once embedded in a site's code, they initiate hash mining when the website is launched in a browser. A part of the visitor's CPU resources is channeled to mining Monero, an anonymous cryptocurrency currently trading at $93. As long as browsing tabs remain open, the miners mint money from a few million users. 

A report by Adguard found 220 websites affected with a reach of over 500 million.

It is hard to tell apart which ones are intentionally planted or malicious. Pirate Bay came out clean on its miners, describing their move as a test for alternative revenue model to traditional banner ads. 

CoinHive, the company that developed the miners is adamant their product is alternative revenue generating model for online businesses. A statement from the official blog read in part:

"We're a bit saddened to see that some of our customers integrate Coinhive into their pages without disclosing to their users what's going on, let alone asking for their permission.We hope we can convince website owner to integrate the miner in a way that is more meaningful and honest to their users." 

But the actions of website operators are beyond the company's control. Stealth mining as an alternative approach is even harder to spot.

It is still not clear who planted the miners on PolitiFact's website. For now, people can use ad blockers to protect sites from unknown scripts or cross check with blacklists of known malicious scripts.