CBS Websites Found to Have Monero Mining Code
It has now been discovered that two websites of CBS networks have the same code embedded. This is an interesting discovery, as it leads people to wonder how such code could have been embedded on their sites. Although a single browser is unlikely to mine much Monero by itself, a large return is likely when thousands of users are viewing a page.
The Showtime Monero Mystery
Although most commercial websites are trying to find ways to maximise the returns from their users, it is unlikely that a reputable company such as CBS would allow such scripts on its Showtime page. Slowing down a user's computer and impeding their browsing experience is sure to cannibalise its other revenue. Also, Showtime is a paid service, so it would be nonsensical for CBS to hamper paying users' experience.
That hackers would try to make use of others' computing power to mine coins is not a foreign concept. We have previously seen how Russian hackers installed malware on PCs that quietly mined Monero in the background.
Choosing Showtime as the target of the code is not surprising. These websites generate massive amounts of traffic, with users who usually stay on a page for a considerable period of time. This is no doubt the perfect type of website in which to implant a mining script that can run in the background.
How the hackers managed to compromise the CBS website and plant the code is not fully known. There is the possibility that it was inserted using HTML tags of the web analytics provider New Relic. This does not suggest that New Relic was in any way complicit, but it shows that when third-party software is involved, potential vectors for attack increase substantially.
Nevertheless, hackers managed to find a vulnerability and exploited it at the expense of CBS. CBS should therefore try to pinpoint the exact vulnerability and patch it before any attempts at far more damaging data breaches.