Two CBS Showtime Websites Caught Mining Monero Coins on Viewer’s Browsers

Updated on Mar 10, 2020 at 11:00 am UTC by · 2 min read

Two websites operated by CBS’s Showtime video network have been identified as containing cryptocurrency mining scripts.

It is not unusual to hear news about stealing computing resources for cryptocurrencies, but the latest issue about this involves two websites of CBS Showtime, a giant television corporation in the US. The incident happened last September on Showtime.com and ShowtimeAnytime.com.

Did the Company Really Use their Viewer’s Browsers to Gain Profit?

It seems very unlikely for a big company that charges their subscribers for watching their shows would do something like this. However, the Javascript codes on the two websites somehow prove the seemingly strange and cheap act. According to the reports, the codes were able to calculate new Monero coins, which is a privacy-focused cryptocurrency similar to Bitcoin.

Without the viewers noticing, the hidden software had already consumed around 60 percent of their CPU capacity. Today, 1 Monero coin is equivalent to $92. Upon appearing in the sites last September 26, the JavaScripts vanished or removed the next Monday.

Then, Who is the Real Culprit?

The JavaScript was in between HTML comment tags that looks like it was inserted by the web analytics New Relic. Again, it would be strange for CBS Showtime to deliberately insert scripts onto their subscriber’s pages.

What is possible is that the code must have created by someone or maybe a group of hackers was able to get the websites’ source code and stash the mining JavaScript to earn money quick.

While the management of Showtime refused to comment on the issue, New Relic is firm that the mystery codes were not from them.

Andrew Schmitt from New Relic said:

“We take the security of our browser agent extremely seriously and have multiple controls in place to detect malicious or unauthorized modification of its script at various points along its development and deployment pipeline.

 Upon reviewing our products and code, the HTML comments shown in the screenshot that is referencing newrelic were not injected by New Relic’s agents. It appears they were added to the website by its developers.”

 Meanwhile, Code Hive also refused to provide any information. Instead, they cleared that the email address which was used to set up the account was a personal, not an official CBS email address. Thus, suggesting that the two websites were hacked.

Share:

Related Articles

Monero Price Tanks 17% Soon after Binance Delists XMR

By February 6th, 2024

Crypto exchange Binance said that it decided to delist XMR and other coins as they do not meet their requirements or the industry changes.

Finnish Authorities Connect Monero (XMR) Transactions to Vastaamo Data Breach

By January 29th, 2024

Although the Finnish authorities did not reveal the method used in analyzing Monero, Julius Aleksanteri Kivimäki has been confirmed as the key figure behind the Vastaamo data breach.

Pullix (PLX) Raises over $3 Million in a Month, Stellar (XLM) and Monero (XMR) Continue Downward Descent

By January 11th, 2024

Discover the latest developments in the Stellar, Monero, and Pullix communities.

Exit mobile version