A fact-checking website was hacked to mine cryptocurrency over the internet browsers of its unsuspecting visitors.
The Pulitzer Prize-winning website, PolitiFact, is devoted to sorting out the truth in US politics. But on Friday, it was found secretly hogging the computer resources of those who visited the site.
Independent security researcher Troy Mursch tweeted about the issue after noticing signs of a cryptocurrency miner in the website’s code.
PCMag visited the PolitiFact site on Friday, and noticed CPU system usage would shoot up to over 90 percent.
PolitiFact said in an email: “We identified and removed the source of the problem. We are reviewing how malicious code got on the site and taking necessary steps to secure the site from future bad actors.”
Mursch said the code comes from a company called Coinhive, which developed a controversial cryptocurrency miner to help businesses find a new way to generate online revenue.
However, the Coinhive miner tends to be used in sketchy websites that pirate content or offer porn, according to AdGuard, an ad-blocking service. These sites often struggle to make money from online advertising, so they have to experiment with new ways to make money.
AdGuard found 220 websites using a cryptocurrency mining code in a study it releasedon Thursday.
The Pirate Bay, a popular website affiliated with online piracy, is the site best known for using the controversial miner. Last month it began secretly testing the code on certain web pages, but without users’ knowledge. This has prompted some debate over whether cryptocurrency miners are a form of malware or a legitimate revenue-making tool. Coinhive itself has said websites should integrate the miner in a more “honest” manner to users.
Who might have hacked PolitiFact isn’t clear. But the site quickly removed the miner after realizing the problem. By Friday afternoon, it no longer was hogging CPU resources. The hack probably occured in the last two days. Mursch tweeted that an archived copy of the PolitiFact site made on Wednesday did not contain the Coinhive miner code.