Pulitzer Prize-winning website Politifact.com is found to be running code to mine cryptocurrency coins
A website that is dedicated to checking the validity of US political facts, and that won a Pulitzer Prize, has been found to be running code to mine cryptocurrencies in visitors' browsers. Politifact.com has around 3 million visitors every month, but visitors who went to the site over the last few days may have noticed that their CPU usage shot through the roof, as the Politifact website had been running JavaScript code to mine the cryptocurrency Monero.
The JavaScript is provided by Coinhive, which offers a legitimate way for website owners to make money without the need for adverts: they install a small piece of code on their website which uses visitors' CPU cycles to mine Monero coins. This is useful because a lot of people now use ad-blocking software to disable adverts in their browsers, so website owners are finding it more difficult to make money from the content they provide on their websites for free.
It does appear that, although Coinhive is legitimate, the code embedded on Politifact had been put there maliciously by hackers: Politifact gave no notification that it had put this code on its website, and the miner was set at the highest level, using all the available CPU cycles on visitors' computers. The coin mining code was spotted by users of the website Reddit, hidden away inside the JavaScript for the website's navigation.
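As an added illustration (not code from Politifact, Coinhive or the Reddit thread), the following Node.js script shows how a site owner could scan their own script files for an embedded miner of the kind described above and flag one that runs unthrottled. The indicator patterns are assumptions based on Coinhive's public embed API, and the file paths, site key and sample contents are constructed.

```javascript
// Added example: scan a site's own JavaScript files for an embedded Coinhive miner.
// Assumption: the patterns follow Coinhive's public embed API (library served from
// coinhive.com/lib/, a CoinHive.* miner object, an optional "throttle" setting).
const INDICATORS = [
  { name: "library-url", re: /coinhive\.com\/lib\/[\w.-]+\.js/i },
  { name: "miner-constructor", re: /new\s+CoinHive\.\w+\s*\(/ },
];

// Throttle is the fraction of time the miner idles. When a miner is constructed
// without one, report 0 (assumed Coinhive default: no throttling, all CPU).
function minerThrottle(source) {
  const ctor = /new\s+CoinHive\.\w+\s*\(([^)]*)\)/.exec(source);
  if (!ctor) return null; // no miner constructed in this file
  const t = /throttle\s*:\s*([0-9]*\.?[0-9]+)/.exec(ctor[1]);
  return t ? parseFloat(t[1]) : 0;
}

function scanScript(path, source) {
  const hits = INDICATORS.filter((i) => i.re.test(source)).map((i) => i.name);
  const throttle = minerThrottle(source);
  return { path, suspicious: hits.length > 0, hits, throttle, fullCpu: throttle === 0 };
}

function scanAll(files) {
  return Object.entries(files)
    .map(([path, source]) => scanScript(path, source))
    .filter((r) => r.suspicious);
}

// Constructed sample input: a navigation script with a miner appended, and a clean file
// that happens to use the word "throttle" for something unrelated.
const SAMPLES = {
  "/static/js/nav.js": [
    "function toggleMenu(id){document.getElementById(id).classList.toggle('open');}",
    "/* loaded from https://coinhive.com/lib/coinhive.min.js */",
    "var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0}); m.start();",
  ].join("\n"),
  "/static/js/search.js": "function throttle(fn, ms){ /* rate-limit search requests */ }",
};

for (const r of scanAll(SAMPLES)) {
  console.log(r.path, r.hits.join(","), r.fullCpu ? "no throttle (full CPU)" : "throttle=" + r.throttle);
}
```

Run against a deployed site's static assets on a schedule, a check like this catches the miner even when it is buried in an otherwise ordinary file such as the navigation script.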
The code has now been removed from Politifact, which suggests that it was put there without the knowledge of Politifact, probably by hackers who had discovered a vulnerability in the website and took advantage of it to install their own JavaScript code. It is not the first time that the Coinhive mining script has been used by hackers as a way to make money by mining coins on high-traffic websites, as a similar thing happened to the Showtime.com website.
Injecting this code onto a website with a high number of visitors can make hackers a reasonable amount of money without relying on people installing any software on their computers, as all the work is done inside the web browser.