Major Political Website Hosts Malicious Monero Cryptocurrency Miner

The Internet has seen a lot of malicious cryptocurrency mining scripts on popular websites this past year, and that’s just the start of it. Used as a partner or an alternative to advertising, cryptocurrency mining scripts tap into your computer’s CPU cycles to use resources to mine coins, which results in being sold for cash. Unfortunately, there aren’t many signs of a miner being hosted on a website, and this seems to have been the case for Politifact, a politically fueled fact checking website.

Security expert Troy Mursch noticed something was off when browsing Politifact’s website earlier this week. Before visiting, his PC was functioning as usual. Once on the homepage of Politifact, however, CPU usage spiked to 100 percent, a clear sign of a miner leeching off of local hardware. Troy discovered Coin Hive, a Monero-based piece of code webmasters use to mine from coin from users, using resources from his PC.

Coin Hive has been used in place of advertisements, though in this case it is entirely malicious, especially indicated by the multiple processes of Coin Hive running concurrently. The spike of CPU usage is a clear result of multiple Coin Hive instances running.

Mursch wasn’t the only one though. Security expert Brian Krebs also noticed a 100 percent CPU usage spike once visiting Politifact. It’s not just one or two instances either. According to HotHardware and Kreb’s Twitter, Kreb noticed up to two dozen Coin Hive processes running at once.

Executive director of Politifact Aaron Sharockman claims a third-party ad provider may be the root of the issue. In any case, the use of Coin Hive in this manner is highly malicious, especially without making users aware.

Other websites guilty of running Coin Hive instances include both The Pirate Bay and Showtime. The Pirate Bay chose to run Coin Hive without consent or acknowledgement, and Showtime was a victim of a hack.

Dil Bole Oberoi