Let's get ready to grumble! UFC secretly choke slams browsers with Monero miners

Crypto-crafting JavaScript appears on hipster-boxing site

UFC

Yet another website has been caught secretly running Coin Hive's JavaScript that silently pressgangs visitors' computers into mining the Monero digital currency.

On Monday, it was the turn of Ultimate Fighting Championship's pay-per-view ufc.tv site, which streams mixed martial arts battles in which men and women in tight outfits beat the crap out of each other in a cage.

What's super rude is that this is the website people pay good money to watch fights, and yet it was quietly using viewers' PCs to generate alt-coins, making whoever put the code there a fast buck on the side.

The CPU-hogging JavaScript was spotted by a netizen when their Avast anti-malware package flagged up the presence of the code on UFC's Fight Pass. An examination of the webpage's source revealed Coin Hive was trying to operate. It appears there is no warning or notification of the covert mining operation when fans log in.

"I noticed this because my antivirus kept pinging off every time I went on Fight Pass," Redditor gambledub reported.

"It's not harmful AFAIK, but doing this on a service we're paying for is fucked up IMO. I researched Coin Hive, mentioned by my antivirus, and found the JavaScript on their website, and sure enough it's running on Fight Pass."

Over the past few months there have more than 200 cases of websites either covertly installing Coin Hive's freely available stealthy software, as in the case of Pirate Bay, or by having such poor website security that hackers were able to drop it in there surreptitiously and reap the rewards – as we saw with CBS Showtime, Politifact, and on the website of soccer ace Cristiano Ronaldo.

A handful of euro 1 cent coins

More and more websites are mining crypto-coins in your browser to pay their bills, line pockets

READ MORE

UFC hasn't responded to questions about whether or not it officially put the Coin Hive software on its website, but it's unlikely – the biz is very cash rich, and shouldn’t need the relative pittance such a mining operation would bring in compared to its subscription fees. On the other hand, the site's traffic would make it a top spot for hackers seeking profit.

Antivirus software and many ad blockers kill the Coin Hive software on sight as a matter of course, and in response the development team behind the software is no longer working on the code. Instead they have a version that asks for visitors' permission before harvesting their computers' CPU time.

It now appears UFC has removed the Coin Hive software from its website, making the hacking explanation the most likely, but we're still seeking confirmation as to what went on. It appears that the UFC team is a lot more inept at their defense than most of its fighters. ®

Sponsored: Minds Mastering Machines - Call for papers now open


Biting the hand that feeds IT © 1998–2018