Showtime Websites Are Mining Monero With Your CPU, Unclear If Hack Or Experiment (bleepingcomputer.com)
An anonymous reader writes: Two Showtime domains are currently loading and running Coinhive, a JavaScript library that mines Monero using the CPU resources of users visiting Showtime's websites. The two domains are showtime.com and showtimeanytime.com, the latter being the official URL for the company's online video streaming service. It is unclear if someone hacked Showtime and included the mining script without the company's knowledge. Showtime did not respond to a request for comment, but it could be an experiment as the setThrottle value is 0.97, meaning the mining script will remain dormant for 97% of the time. Despite this, Coinhive has been recently adopted by a large number of malware operations, such as malvertisers, adware developers, rogue Chrome extensions, and website hackers, who secretly load the code in a page's background and make money off unsuspecting users. At least two ad blockers have added support for blocking Coinhive's JS library -- AdBlock Plus and AdGuard -- and developers have also put together Chrome extensions that terminate anything that looks like Coinhive's mining script -- AntiMiner, No Coin, and minerBlock.
The Pirate Bay recently ran tests using Coinhive. A recent report has calculated that a site like The Pirate Bay could make around $12,000 per month by mining Monero in the background.
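An added illustration of the summary above, not part of the story and not any blocker's actual code: a static scan of page source for things that look like Coinhive's mining script, reporting the throttle value and whether the loader comes from a host other than the page's own. The marker patterns, the sample pages, `example.com` and the site-key placeholder are assumptions made for this example.

```javascript
// Added example: static scan of page source for Coinhive-style miner markers.
// Patterns are assumptions modelled on the library's commonly published embed
// snippet; the sample HTML below is constructed, not captured from any site.
const SCRIPT_SRC = /<script[^>]+src=["']([^"']*coinhive[^"']*\.js[^"']*)["']/gi;
const CTOR = /\bCoinHive\.(?:Anonymous|User)\s*\(/;
const THROTTLE = /(?:\.setThrottle\s*\(\s*|\bthrottle\s*:\s*)(\d*\.?\d+)/;

function inspectPage(html, pageHost) {
  const loaderHosts = [];
  for (const m of html.matchAll(SCRIPT_SRC)) {
    // Resolve relative URLs against the page so self-hosted copies are seen.
    loaderHosts.push(new URL(m[1], `https://${pageHost}/`).hostname);
  }
  const t = html.match(THROTTLE);
  const throttle = t ? Number(t[1]) : null;
  return {
    minerPresent: loaderHosts.length > 0 || CTOR.test(html),
    // Hosts other than the page's own: all a domain blocklist can act on.
    thirdPartyHosts: loaderHosts.filter((h) => h !== pageHost),
    throttle,
    // throttle is the idle fraction, so 0.97 leaves about 3% active time.
    activeFraction: throttle === null ? null : Number((1 - throttle).toFixed(2)),
  };
}

// Constructed sample pages (site key is a placeholder).
const thirdParty = `<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');
miner.setThrottle(0.97); miner.start();</script>`;
const selfHosted = `<script src="/static/coinhive.min.js"></script>
<script>new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.5}).start();</script>`;
const clean = `<script src="/static/app.js"></script>`;

for (const [name, html] of Object.entries({ thirdParty, selfHosted, clean })) {
  console.log(name, JSON.stringify(inspectPage(html, 'example.com')));
}
```

The self-hosted sample is still flagged by content even though it has no third-party host for a domain blocklist to match.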
Firefox, you will be missed.
It's not really a case of the site making money. They haven't actually produced anything of real value, so wealth hasn't been created. All they've done is consumed the computing and electricity resources of the site's users, and converted them to an entry in some distributed database. Overall, it's a net economic loss. Resources were consumed without producing anything of value.
At least advertising, as shitty as it is, can potentially result in a sale, which is an example of actual wealth creation.
Doing it this way, unannounced and underhanded, is wrong. However, if done in an upfront and informed way, I would likely accept some form of low-impact mining on my PC while consuming content over most forms of advertisement.
Never browse without properly community-maintained ad blocking and script blocking.
And if any company complains about not being able to 'serve' you properly as they'd like to... add a request to have that complaint blocked.
Ryan Fenton
I would gladly donate CPU time to support a site instead of viewing ads.
I might even idle my browser there---if it doesn't affect anything else I do. They really need to have a light touch though.
And, it should go without saying, but no mining on mobile. If I have to choose between bandwidth for ads and battery life, I'll take the ads.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
CPU mining has a return of between 1 and essentially 0% depending on the currency and the price of electricity. Best case scenario, you leave your web browser open for two days, you consume $1 of extra electricity and the web site gets $0.01. Unless the browser could leverage your GPU, you live in Quebec (cheap electricity) and it's winter so you are heating your house with the GPU, this is never going to make sense.
See subject & https://tech.slashdot.org/comm... [slashdot.org] - NoScript's inferior & inefficient vs. hosts (noscript & addons have overheads FAR beyond hosts + operate in slower usermode (vs. hosts in faster kernelmode)). No SINGLE addon does as much (& for FAR less resources), no questions asked!
I like host-based approaches, but what if the website itself serves out the malicious/inefficient/junk JS? I'd like to be able to open a website without its JavaScript crap firing off, so I feel like I still have to enable NoScript. Worse, I'd like to enable things like googleapis but only if certain websites request them, but NoScript just lets you + or - googleapis completely. I.e., if I enable it, then both goodsite.com and badsite.com automatically get to use them, and I don't know any way around that at the moment.