Cryptojacking is well on its way to becoming a new menace to internet hygiene.
Dodgy code capable of mining a digital currency called Monero mysteriously surfaced on TV giant Showtime.com late last month, and then appeared on the official website of Portugal and Real Madrid soccer ace Cristiano Ronaldo last week.
The JS code that was on his website has since been removed, said security researcher Troy Mursch.
Both the Showtime and Ronaldo websites used software from Coinhive, which mined Monero. The Pirate Bay deliberately planted the mining code on its site before owning up to the "test" some time later. In other cases, the mining was either the byproduct of malicious adverts or run via legitimate but compromised websites, as in both the Showtime and Cristiano Ronaldo cases.
CBS's Showtime caught mining crypto-coins in viewers' web browsersREAD MORE
Only diligent nagging by security researcher Mursch (@bad_packets) over several days to the developers behind the Ronaldo site secured the admission that the script wasn't put there by them and the suggestion to talk to CR7's management company.
Ronaldo's people have yet to respond directly to The Register's repeated requests for comment. "Since the code on @Cristiano's was unthrottled, it was probably miscreants," Mursch told El Reg.
The amount to be made for criminals is normally quite small, perhaps into the thousands of dollars. High traffic sites would be able to generate a lot more through legitimate advertising.
For miscreants, cryptojacking offers a number of advantages even though it's less lucrative than serving up malicious ads that sling either malware or tech support scams.
Although some experts argue that crypto mining is a form of theft, it has the advantage of being much less likely to generate complaints. The technology exists in a grey area made more obscure because of the difficulty of knowing whether or not code is there with the permission of website owners or not. The presence of the code on sites does not affect their core functionality.
A list of sites running Coinhive can be found here. Another scripting nasty, dubbed CryptoLootMiner, has surfaced in other incidents. ®