Pulitzer-winning website Politifact hacked to mine crypto-coins in browsers
Mysterious malicious code silently chews up CPU cycles to craft cash on visitors' dime
Updated Politifact, the Pulitzer Prize-winning website devoted to checking the factual accuracy of US politicians' words, appears to have been hacked so that it secretly mines cryptocurrency in visitors' browsers.
The dot-com is run by the Tampa Bay Times, and already has its work cut out for it given the state of American politics. Right now, it fires up code from Coin Hive in browsers to generate Monero coins, each worth about $95, for the miscreants who embedded the software in the site's pages.
However, the code hidden on Politifact.com at this moment appears to be malicious: it is completely non-throttled, and kicks off eight instances of the miner, which means it hammers the visiting machine's processor, taking up 100 per cent of spare processor capacity.
The coin-mining code isn't mentioned on the website nor in its terms and conditions, so either Politifact doesn't know it is hosting the mining software, presumably because it's been hacked, or is weirdly keeping quiet about it.
More and more websites are mining crypto-coins in your browser to pay their bills, line pocketsREAD MORE
It appears in this case, as with the mysterious CBS Showtime.com Monero mining, that the Politifact website has been compromised to include the math-crunching code.
Hackers are getting increasingly adept at dumping CoinHive code on unsuspecting web properties and reaping the rewards. Politifact has 3.2 million monthly unique visitors according to its Quantcast analytics, and the CPU cycles from people dropping by may earn the code's operators a pretty penny.
CoinHive is getting a bad rap as the moment as increasing numbers of websites are using its tools to dig up cyber-dosh using the computer hardware and electricity of visitors. A survey earlier this month found 220 websites are using the code, primarily porn sites and torrent trackers.
Having spoken to Politifact this morning, we can say its editorial desk is not aware of the mining software, and is investigating its sudden appearance. Just be aware that when you visit, you'll be directly lining someone else's pockets, assuming your ad blocker isn't shutting it down. ®
Updated to add
Several hours after this article was published, Politifact removed the CoinHive software from its website.
Sponsored: Becoming a Pragmatic Security Leader