Injecting websites with JavaScript that forces a user’s PC to mine cryptocurrency appears to be this Summer’s hit for cybercriminals.

Just last week local website Memeburn had a script for Coinhive unintentionally placed on its website and now US TV network Showtime has had a similar incident on two of its sites.

Showtime.com and ShowtimeAnytime.com were both hiding a Coinhive script at the weekend.

At first it was believed that the Coinhive script was placed there by analytics firm New Relic given that the code was sitting between two HTML comment tags inserted by the firm.

The Register reports that New Relic had nothing to do with the code on the Showtime sites, and that it has strict controls in place to insure its code is not compromised.

In addition to this the publication contacted Coinhive which informed it that the email address used to set up the account tied to the Coinhive account was a personal address and not one tied to CBS or Showtime.

While Showtime has not commented on the presence of the script there is enough evidence to suggest that it was placed there by other parties. That having been said The Piratebay placed a cryptocurrency miner on its website without informing its users, so at this stage, without official comment, it’s tricky to tell what the story really is.

Given that this is now the second incident where a website has had a cryptocurrency miner surreptitiously placed on its site we do wonder if this is becoming a new attack vector for criminals. If it has its a real pity for websites that could have used the code responsibly to generate revenue from users in an age where ad-blockers are as prevalent as they are.

 

[Image – CC BY 0 Pixabay]
Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.