Showtime Websites Used to Mine Monero, Unclear If Hack or an Experiment

LASER_oneXM

Two Showtime domains are currently loading and running Coinhive, a JavaScript library that mines Monero using the CPU resources of users visiting Showtime's websites.

The two domains are showtime.com and showtimeanytime.com, the latter being the official URL for the company's online video streaming service.

The main Showtime domain name, sho.com, does not include the Coinhive Monero mining script.

....
......
...
The Monero miner was first discovered 16 hours ago, at around 17:00 ET (22:00 GMT) by a Twitter user named SkensNet.

Hack or experiment?
It is unclear if someone hacked Showtime and included the mining script without the company's knowledge.

Showtime did not respond to a request for comment from Bleeping Computer in time for this article's publication.

It could also be that Showtime is loading the script on purpose, as part of an experiment. This is the most likely explanation, as the setThrottle value is 0.97, meaning the mining script will remain dormant for 97% of the time. A hacker, knowing his intrusion will likely be detected, would usually set a small throttle value and mine as much Monero as possible before getting discovered.

Coinhive has been advertised as a technology that could replace ads by allowing site owners to mine for the Monero cryptocurrency. The technology is very controversial as it uses the site visitor's resources to mine Monero, driving CPU usage through the roof.

Coinhive increasingly adopted by malware devs
Coinhive, as a technology, is only ten days old, being officially launched on September 14.

Despite this, Coinhive has been recently adopted by a large number of malware operations, such as malvertisers, adware developers, rogue Chrome extensions, and website hackers, who secretly load the code in a page's background and make money off unsuspecting users.

UPDATE [September 25, 12:55 ET]: The Coinhive mining scripts have been removed from the Showtime domains. Showtime still hasn't answered Bleeping Computer's request for comment.
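
A defender-side check for the script described in the post above, as an added example that is not part of the original thread or of Coinhive's own code: it scans page source for the Coinhive loader and reads the configured throttle. The sample HTML and site key are constructed; the loader file name `coinhive.min.js` and the `CoinHive.Anonymous`/`CoinHive.User` constructors are not named on this page, and treating a missing throttle as 0 is an assumption.

```javascript
// Constructed sample page source; the site key is a placeholder.
const SAMPLE_HTML = `<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');
  miner.setThrottle(0.97);
  miner.start();
</script></head><body>video player</body></html>`;

// Indicators: a <script> tag loading the library, and a miner being constructed.
const LOADER_RE = /<script[^>]+src=["'][^"']*coinhive(?:\.min)?\.js/i;
const MINER_RE = /new\s+CoinHive\.(?:Anonymous|User)\s*\(/;
// Throttle can be set with setThrottle(x) or a { throttle: x } constructor option.
const SET_THROTTLE_RE = /setThrottle\s*\(\s*([01](?:\.\d+)?)\s*\)/;
const OPTION_THROTTLE_RE = /throttle\s*:\s*([01](?:\.\d+)?)/;

function scanForCoinhive(html) {
  const loader = LOADER_RE.test(html);
  const miner = MINER_RE.test(html);
  const detected = loader || miner;
  if (!detected) {
    return { detected, loader, miner, throttle: null, activePercent: null };
  }
  const m = html.match(SET_THROTTLE_RE) || html.match(OPTION_THROTTLE_RE);
  // Assumption: no explicit throttle means the miner is never idle (throttle 0).
  const raw = m ? parseFloat(m[1]) : 0;
  const throttle = Math.min(Math.max(raw, 0), 1);
  // Throttle is the idle fraction, so 0.97 leaves about 3% of the time mining.
  const activePercent = Math.round((1 - throttle) * 100);
  return { detected, loader, miner, throttle, activePercent };
}

console.log(scanForCoinhive(SAMPLE_HTML));
```

Renamed or self-hosted copies of the library will not match these patterns, so a static scan like this complements CPU-usage monitoring rather than replacing it.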
 

Arequire

I'd put my money on experiment.
I don't see blackhats running miners on compromised websites when they could just as easily iframe redirect to a Rig kit and ultimately drop some ransomware variant on however many systems.
 

Maliek

I'd put my money on experiment.
I don't see blackhats running miners on compromised websites when they could just as easily iframe redirect to a Rig kit and ultimately drop some ransomware variant on however many systems.

Well this way is much stealthier? I'd put my money also on an experiment btw :)
 
