Two of the biggest Indian newspaper websites, Deccan Chronicle and The Asian Age are allegedly running the Coinhive script to mine for cryptocurrencies using the processing power of the visitors of their website. A look into the code that powers the website shows that it is loading the Coinhive javascript.
Coinhive is one of the most tainted names when it comes to the world of cryptocurrencies. The Coinhive script basically allows website owners to harness the processing power of their visitors to mine for Monero (XMR). A large majority of these websites do not notify the users that they are using their processing power to mine for cryptocurrencies, which is unethical.
2017 was the year that cryptocurrencies became mainstream. However, as cryptocurrencies became mainstream, a large number of unsuspecting and novice users joined in. With the rise in popularity of cryptocurrencies, there was also a sharp rise in the number of cryptocurrency related crimes. While using Coinhive isn’t a crime, but it is highly unethical to do so without informing the visitors.
A prolonged stay on these websites may result in the browser hanging or slowing down, as well as a sharp spike in the CPU usage of the users. The suspect Javascript filewas being loaded from two different CDNs, the first being cdn.deccanchronicle.com and the other being d2u6vujtbrga6l.cloudfront.net.
Hey @DeccanChronicle, and @TheAsianAgeNews! Your pages are loading #Coinhive #cryptomining Javascript.
— Banbreach (@Banbreach) February 4, 2018
Unsuspecting users visiting these pages may face unexpected CPU usage spikes, and browsers may hang. pic.twitter.com/BzbodPYcyK
The fact that these websites were running the Coinhive Javascript was quite alarming. This was discovered by the popular Twitter handle Banbreach, where such security threats and privacy violations are frequently posted. The handle posted multiple screenshots (as seen in the Tweet above) showing the source of the websites where Coinhive was being loaded.
Coinhive was originally created with the intention of it being used as a source of revenue for websites, but in their terms and conditions, they have specifically asked the webmasters to mention it on the website that a script in the background is mining cryptocurrencies using the visitors’ processing power. This isn’t even the first time (and certainly not the last time) that this controversial script has been in controversy.
The notorious Coinhive mining script was used by ThePirateBay, a number of fake Android Apps and was even used on YouTube ads for a while. This technique of using Coinhive’s javascript to mine cryptocurrencies on computers of unsuspecting users has been termed ‘Cryptojacking’. There has been a significant rise in cryptojacking over the past few months - and it appears that even more websites are likely to adapt similar models in the future.
Ever since the Banbreach report came out, the script has been pulled down.
It is shocking that newspapers as reputed as the Deccan Chronicle and the Asian Age are involved in cryptojacking practices. There’s a possibility that it might not be an official decision from the newspaper but a rogue employee who may have been behind it. However, it’s always good to stay alert about such threats that are rising with the rise of cryptocurrencies.
