Pulitzer-winning website Politifact hacked to mine crypto-coins in browsers

Mysterious malicious code silently chews up CPU cycles to craft cash on visitors' dime

Updated Politifact, the Pulitzer Prize-winning website devoted to checking the factual accuracy of US politicians' words, appears to have been hacked so that it secretly mines cryptocurrency in visitors' browsers.

The dot-com is run by the Tampa Bay Times, and already has its work cut out for it given the state of American politics. Right now, it fires up code from Coin Hive in browsers to generate Monero coins, each worth about $95, for the miscreants who embedded the software in the site's pages.

CoinHive is a legit outfit that offers free JavaScript to web admins: the code, when placed on a page, invisibly and silently runs in the browser and takes spare CPU cycles to mine Monero. Whoever controls the code then collects the coins from the miners. This is supposed to be an alternative revenue stream to placing ads on pages.

However, the code hidden on Politifact.com at this moment appears to be malicious: it is completely non-throttled, and kicks off eight instances of the miner, which means it hammers the visiting machine's processor, taking up 100 per cent of spare processor capacity.

Infosec analyst Troy Mursch noticed his computer went into overdrive when visiting the site, and tipped us off in the past hour. Redditors also clocked the secret mining operation.

Burning up those CPU cycles ... Coin Hive code running on Politifact.com (Click to enlarge)

An examination of the JavaScript on the website revealed a huge chunk of mining routines stashed in what appeared to be a script for controlling the site's navigation bar.

The coin-mining code isn't mentioned on the website nor in its terms and conditions, so either Politifact doesn't know it is hosting the mining software, presumably because it's been hacked, or is weirdly keeping quiet about it.

A handful of euro 1 cent coins

More and more websites are mining crypto-coins in your browser to pay their bills, line pockets

READ MORE

It appears in this case, as with the mysterious CBS Showtime.com Monero mining, that the Politifact website has been compromised to include the math-crunching code.

Hackers are getting increasingly adept at dumping CoinHive code on unsuspecting web properties and reaping the rewards. Politifact has 3.2 million monthly unique visitors according to its Quantcast analytics, and the CPU cycles from people dropping by may earn the code's operators a pretty penny.

CoinHive is getting a bad rap as the moment as increasing numbers of websites are using its tools to dig up cyber-dosh using the computer hardware and electricity of visitors. A survey earlier this month found 220 websites are using the code, primarily porn sites and torrent trackers.

Having spoken to Politifact this morning, we can say its editorial desk is not aware of the mining software, and is investigating its sudden appearance. Just be aware that when you visit, you'll be directly lining someone else's pockets, assuming your ad blocker isn't shutting it down. ®

Updated to add

Several hours after this article was published, Politifact removed the CoinHive software from its website.




Biting the hand that feeds IT © 1998–2018