Behind-the-Scenes Cryptocurrency Mining Discovered on Showtime Sites

Showtime Networks apparently has mined the websites of online viewers using the same Coinhive technology that The Pirate Bay recently used in a test run on its site.

A subsidiary of CBS, Showtime is a premium television network that offers professional boxing, feature films, original scripted television shows like Ray Donovan and other programming.

Showtime is one of several major cable networks to offer direct streaming subscriptions to viewers who prefer to watch online instead of using a cable or satellite service. It offers a direct subscription for US$10.99 per month.

Mining Monero

Embedded coding found on Showtime.com and ShowtimeAnytime.com indicated that the Coinhive javascript miner was being used to hijack the CPU of site visitors. Like The Pirate Bay, Showtime apparently was mining the emerging cryptocurrency monero.

Twitter user @SkensNet first discovered the problem, according to information security analyst Troy Mursch of the Bad Packets Report.

@Showtimeanytime @Showtime https://t.co/3OO1i4RdOi looks to have been hacked. In your source code – "https://t.co/D6uFZJgzSe"

— SkensNet (@skensnet) September 23, 2017

It is unclear whether Showtime was aware of or involved in planting the Coinhive mining technology into its source code.

Showtime declined to comment, said Erin Calhoun, senior vice president of corporate communications.

Not New Relic’s Doing

Source code found on the site also appears to be linked to Web analytics firm New Relic; however, the firm has denied any direct involvement in the incident.

“We take the security of our browser agent extremely seriously and have multiple controls in place to detect malicious or unauthorized modification of its script at various points along its development and deployment pipeline,” said spokesperson Andrew Schmitt.

After reviewing its products and code, the firm found that “the HTML comments shown in the screenshot that are referencing New Relic were not injected by New Relic’s agents,” Schmitt told the E-Commerce Times.

It appears that the code was added to the website by its developers, he suggested.

Tech Support Scams

The javascript miner targets compromised websites and “uses social engineering lures and leading users to pay for illegitimate tech support services,” Jon Clay, director of global threat communications at Trend Micro, told the E-Commerce Times.

A javascript mining scam called the “EI Test Campaign” can be traced back to 2014, when cyberthieves pretending to be tech support specialists used the Angler Exploit kit to spread ransomware, noted Trend Micro researcher Joseph Chen in an online post. Starting in January of this year, they switched over to using Hoefler text phishing scams or tech support scams.

Trend Micro researchers identified about 990 sites that were compromised by injecting malicious code that diverts users to the tech support site. Coinhive recently was added to those sites.

Bad Coins

Cryptocurrencies like bitcoin and monero are operating in a kind of Wild West environment, where the rules are still not quite settled, noted Jessica Groopman, principal analyst at Tractica.

“To some degree, companies like Showtime and Pirate Bay are seeing what they can get away with,” she told the E-Commerce Times. “The problem with this trend is it lacks user consent.”

Companies may be reluctant to inform users, Groopman said, because that might incentivize them to demand a share of the monetization.

David Jones is a freelance writer based in Essex County, New Jersey. He has written for Reuters, Bloomberg, Crain's New York Business and The New York Times.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

E-Commerce Times Channels