Visited Showtime online recently? It allegedly mined virtual coins on your PC

What the heck? A Twitter post appeared on Saturday, September 23, accusing Showtime of silently using the CPUs of visitor PCs accessing at least two of its websites in order to generate a digital currency called Monero. Security firm Bleeping Computer followed up with an investigation to discover that the sites were running a script in the background to silently generate virtual coins by accessing the connected PC’s processor through a web browser.

Typically, miners generate virtual coins using dedicated machines. If you ask the PC gaming community, these miners are eating up all low-cost, high-performance graphics cards, leaving the market dry and available units highly overpriced. These machines not only generate digital coins, but they help maintain the base ecosystem, such as processing transactions and keeping track of purchases.

But silently using the processor of visitor PCs accessing a website is new. The script used by Showtime is a JavaScript kit called Coinhive, which sat undetected on Showtime’s secondary website, and its online streaming service, Showtime Anytime. Showtime removed the script once the report went live.

The use of Coinhive by a mainstream service is a bit of a mystery. There is speculation that hackers may have gained access to Showtime’s websites and inserted the script to take advantage of unsuspecting visitors. There’s also speculation that Showtime was experimenting with the script, as a specific command in the code kept Coinhive dormant 97 percent of the time. If the script were placed by a hacker, it would generate virtual coins at full speed.
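
The dormancy setting described above is visible in a page's markup, so a site owner or reviewer can check for it. The following Node.js check is an added example, not code from the article or from Showtime's sites: it flags a Coinhive embed and reports how idle the miner is configured to be. The loader URL, the `CoinHive.Anonymous`/`CoinHive.User` constructors and the `throttle` option are assumptions not stated in the article, and the sample pages are constructed.

```javascript
// Added example: static check of page HTML for a Coinhive embed.
// Assumptions (not from the article): the loader URL, the CoinHive.Anonymous /
// CoinHive.User constructors, and the `throttle` option (fraction of time idle).
const LOADER_RE = /<script[^>]+src\s*=\s*["']([^"']*coinhive[^"']*\.js)["']/gi;
const MINER_RE = /new\s+CoinHive\.(Anonymous|User)\s*\(([^)]*)\)/gi;
const THROTTLE_RE = /throttle\s*:\s*([0-9]*\.?[0-9]+)/i;

function findCoinhive(html) {
  const loaders = [...html.matchAll(LOADER_RE)].map((m) => m[1]);
  const miners = [...html.matchAll(MINER_RE)].map((m) => {
    const t = THROTTLE_RE.exec(m[2]);
    // Assumed default: with no throttle option the miner never idles.
    const throttle = t ? Math.min(1, parseFloat(t[1])) : 0;
    return { kind: m[1], throttle, idlePercent: Math.round(throttle * 100) };
  });
  return { detected: loaders.length > 0 || miners.length > 0, loaders, miners };
}

// Constructed sample pages; the site key is a placeholder.
const THROTTLED_PAGE = `<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', { throttle: 0.97 });
  miner.start();
</script></head><body>player</body></html>`;

const FULL_SPEED_PAGE = `<html><body>
<script src="/assets/coinhive.min.js"></script>
<script>new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER').start();</script>
</body></html>`;

const CLEAN_PAGE = `<html><body><script src="/js/player.js"></script></body></html>`;

for (const [name, html] of Object.entries({ THROTTLED_PAGE, FULL_SPEED_PAGE, CLEAN_PAGE })) {
  const r = findCoinhive(html);
  const detail = r.miners.map((m) => `${m.kind} idle ${m.idlePercent}%`).join(", ");
  console.log(`${name}: ${r.detected ? "miner embed found" : "clean"} ${detail}`);
}
```

String matching misses renamed or obfuscated copies of the script, so a clean result from this check is inconclusive on its own.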

Unfortunately, there’s a good chance Showtime used the script on purpose. The Pirate Bay did something similar two weeks ago using the same Coinhive script, although the site didn’t silently sip unused CPU resources. Instead, The Pirate Bay wanted feedback from its visitors, who didn’t like the idea of a website silently accessing their system resources in the background.

The use of Coinhive presents several problems. For starters, sites using the script are intentionally slowing down your PC to generate virtual coins as something of a payment for accessing their services. What's more, Coinhive is already becoming a tool used for ill intent, such as running on “typosquatted domains” (those often malicious websites you visit when typing the wrong web address) and appearing in Chrome browser extensions.

But that is only the chilling tip of the iceberg. Hackers have flocked to Coinhive and are reportedly breaking into websites to install the kit and silently generate virtual money. Coinhive is also making its way into advertisements that lead to sites that not only seize the browser with fake security alerts, but also generate virtual coins in the background while the user tries to regain control.

Ultimately, your PC is your property and no one has the right to use your hardware to create virtual money without permission. The Pirate Bay’s experiment alone could have generated at least $12,000 in Monero per month, money you will never see.

Parent company CBS Corporation declined to provide a comment.

Kevin Parrish
Former Digital Trends Contributor