Showtime websites were secretly using visitors' CPUs to mine cryptocurrency

midian182

TechSpot Editor
Staff member

Earlier this month, The Pirate Bay was heavily criticized for using a hidden in-browser cryptocurrency miner on its pages that used visitors’ CPUs to mine Monero surreptitiously. But it appears that the torrent service isn’t the only one to have engaged in this practice — websites run by CBS-owned cable network Showtime were also doing it.

The Pirate Bay was found to be running a Javascript-based bitcoin miner that increased visitors’ CPU usage dramatically when they visited certain pages. The plugin — provided by Coinhive — mined the cryptocurrency Monero, which launched in 2014.

Coinhive takes a 30 percent cut of the Monero and says using its service is a legitimate way for websites to make money. The company doesn’t, however, endorse sites using its code without first informing visitors. The Pirate Bay said it was testing the miner as an alternative to ads but quickly stopped once its presence came to light.

Over the weekend, a Twitter user noticed that Coinhive’s miner was also present in the code of Showtime.com and its streaming site, ShowtimeAnytime.com.

It’s unclear whether the Showtime sites had installed the cryptominer themselves as a test, or if they were hacked. It seems both theories have an equal number of supporters. When Gizmodo asked Showtime about the matter, a spokesperson (bluntly) said: “We decline to comment.”

Showtime has now removed the code that activated the miner from its websites. Whether it was put there by the company, or was the work of hackers looking to make a bit of money, remains unknown, but don’t be surprised to see more of these instances appearing in the future.

Permalink to story.

 

Adhmuz

TechSpot Paladin
See now this has me suspicious as to why YouTube lately has increased CPU activity to the point where I couldn't use an E8400 as my media PC anymore, it worked fine and then one day recently it just stopped being able to handle anything over 720p (even 720p60 was sketchy at best). Even the i3 I replaced it with has trouble at times intermittently.

Actually, on a higher end systems which has ample processing power this could be a way to avoid dealing with adds, this would be opted in only, but I'm sure like myself, people would be willing to exchange unused CPU power for add free viewing...

This needs to become an option on more websites in my opinion, heck, Techspot, if you can implement such a system I'm sure several people would gladly support it instead of adds.
 
  • Like
Reactions: Satish Mallya

H3llion

TechSpot Paladin
Is it even worth it? The amount of return from the fraction of CPU usage is so small, even if millions are doing it. However on the other side, this would legitimize cryptos even further.
 

jobeard

TS Ambassador
Add this line
  • 127.0.0.1 coin-hive.com
to your system32\drivers\etc\host file
and you inhibit access to the script
 

CaptainTom

TS Maniac
Is it even worth it? The amount of return from the fraction of CPU usage is so small, even if millions are doing it. However on the other side, this would legitimize cryptos even further.
I have never mined Monero, so idk how efficient it is at this type of thing. However I did mine Darkcoin in college, and back then a typical 7970 would get ~850 MH/s, and my overclocked i7-4770K only got 650 MH/s if I remember correctly.

Now look the 7970 and 4770K were using the same amount of energy, and sure the 7970 at the time was about the same price for greater return - but at the end of the day it was still worth running my CPU's.

If Monero is a similar situation, 1 million CPU's mining could equal about 500,000 gpus mining - that's A LOT of money haha! Hell even if the CPU:GPU mining ration is 1/4th what x11 (Darkcoin) wa, it would still easily be better revenue than ads.
 

wiyosaya

TS Evangelist
Is it even worth it? The amount of return from the fraction of CPU usage is so small, even if millions are doing it. However on the other side, this would legitimize cryptos even further.
I was thinking the same thing myself. I have never mined in this sense myself, however, I can think of one scenario that would possibly make it worth it and that is if the results can be passed from one browser to another where subsequent browsers pick up where the last one left off. IDK whether this is possible, though.
 

H3llion

TechSpot Paladin
I have never mined Monero, so idk how efficient it is at this type of thing. However I did mine Darkcoin in college, and back then a typical 7970 would get ~850 MH/s, and my overclocked i7-4770K only got 650 MH/s if I remember correctly.

Now look the 7970 and 4770K were using the same amount of energy, and sure the 7970 at the time was about the same price for greater return - but at the end of the day it was still worth running my CPU's.

If Monero is a similar situation, 1 million CPU's mining could equal about 500,000 gpus mining - that's A LOT of money haha! Hell even if the CPU:GPU mining ration is 1/4th what x11 (Darkcoin) wa, it would still easily be better revenue than ads.
That is true if this is the case. Afaik, CPU mining was dead years now.
 

jobeard

TS Ambassador
Why are we not protected by browser or it is not how it works?
Any webpage can load scripts, both local to the origin of the page and remote like this case. The code is simple:
Code:
<script src="url" ></script>
but what's referenced by the URL is totally known . . . leading to opportunities as in this case.

My solution #9 above cause a silent 404 error attempting to load any script from coin-hive and puts the control in the hands of the user.
 

Athlonite

TS Booster
The Pirate Bay said it was testing the miner as an alternative to ads but quickly stopped once its presence came to light.
Which basically says one thing IF we hadn't of been caught we'd still be doing it
 

CaptainTom

TS Maniac
The Pirate Bay said it was testing the miner as an alternative to ads but quickly stopped once its presence came to light.
Which basically says one thing IF we hadn't of been caught we'd still be doing it
Yeah that's pretty pathetic. I mean I actually have no problem with them beta testing this, and then announcing it if they decide to go through with it. It's their website, so do whatever you want.

But to then pull it "After people find out".... LOL if you thought it was wrong, why did you bother? Also why did you think no one would notice?!
 
  • Like
Reactions: Athlonite

Athlonite

TS Booster
Yeah that's pretty pathetic. I mean I actually have no problem with them beta testing this, and then announcing it if they decide to go through with it. It's their website, so do whatever you want.

But to then pull it "After people find out".... LOL if you thought it was wrong, why did you bother? Also why did you think no one would notice?!
I too would not have a problem with them testing this if they asked first instead of all the secret squirrel cloak n dagger stuff they did