Two CBS Showtime Websites Caught Mining Monero Coins on Viewer’s Browsers

Two websites operated by CBS’s Showtime video network have been identified as containing cryptocurrency mining scripts.

It is not unusual to hear news about stealing computing resources for cryptocurrencies, but the latest issue about this involves two websites of CBS Showtime, a giant television corporation in the US. The incident happened last September on Showtime.com and ShowtimeAnytime.com.

Did the Company Really Use their Viewer’s Browsers to Gain Profit?

It seems very unlikely for a big company that charges their subscribers for watching their shows would do something like this. However, the Javascript codes on the two websites somehow prove the seemingly strange and cheap act. According to the reports, the codes were able to calculate new Monero coins, which is a privacy-focused cryptocurrency similar to Bitcoin.

Without the viewers noticing, the hidden software had already consumed around 60 percent of their CPU capacity. Today, 1 Monero coin is equivalent to $92. Upon appearing in the sites last September 26, the JavaScripts vanished or removed the next Monday.

Then, Who is the Real Culprit?

The JavaScript was in between HTML comment tags that looks like it was inserted by the web analytics New Relic. Again, it would be strange for CBS Showtime to deliberately insert scripts onto their subscriber’s pages.

What is possible is that the code must have created by someone or maybe a group of hackers was able to get the websites’ source code and stash the mining JavaScript to earn money quick.

While the management of Showtime refused to comment on the issue, New Relic is firm that the mystery codes were not from them.

Andrew Schmitt from New Relic said:

“We take the security of our browser agent extremely seriously and have multiple controls in place to detect malicious or unauthorized modification of its script at various points along its development and deployment pipeline.

 Upon reviewing our products and code, the HTML comments shown in the screenshot that is referencing newrelic were not injected by New Relic’s agents. It appears they were added to the website by its developers.”

 Meanwhile, Code Hive also refused to provide any information. Instead, they cleared that the email address which was used to set up the account was a personal, not an official CBS email address. Thus, suggesting that the two websites were hacked.

Paul Sciglar

Paul Sciglar is a columnist interested in international policies and economic affairs. Certified Accountant with broad experience in strategic analysis, FP&A, investment banking, and investment management. You may connect with him on Twitter.

Share This article

We welcome comments that advance the story directly or with relevant tangential information. We try to block comments that use offensive language, all capital letters or appear to be spam, and we review comments frequently to ensure they meet our standards. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Coinspeaker Ltd.