Malicious Cryptocurrency Mining Code Removed From UFC Website
Ultimate Fighting Championship (UFC) is a powerhouse when it comes to mixed-martial-arts and also owns a subscription streaming site. The company has in the recent days been involved in a lot of controversies with the latest one involving browser-based cryptocurrency mining that appears to be clandestine.
CoinHive Script and Ultimate Fighting Championship
A monera mining script, Coinhive, had developed a code that could be embedded in a web page, and it was being reported the previous day by many social media users. UFC's Fight Pass streaming site contained the code with the mining script. The source of this code is still unclear to this day. A member of the customer service team at UFC assured the user that they would review the issue as the company takes such cases seriously.
The UFC.TV/FIGHTPASS site code was reviewed by Neulion, one of the best digital service providers, after being notified about the issues that had been reported. According to the digital service provider, the Coinhive java script that had been mentioned did not have any reference.
This finding was reported and published by CoinDesk by a UFC spokesperson. The spokesperson asserted that the company was in the process of reviewing the presented information was ongoing, and that they were sure that the entire site does not have any coding issues.
Reddit brings error to company’s attention
However, Reddit users revealed the page’s HTML that Coin Hive's mining script had some lines of code. The information was shared to Imgur in two separate screengrabs.
Several users saw the software running, and one of the users flagged the incident on Twitter. After reporting the incident to UFC support team via email, a Reddit user was informed that the matter was under consideration. The case attracted a lot of attention, and this made UFC act. Another post revealed that the script had been removed.
According to the Internet Archive’s screen captures, there was no evidence that the source code was on UFC.com. However, the previous day captures were prepared before the reports were made public. The Coin Hive script was unwittingly hosted by a popular site as a way of representing the latest move.
Coin Hive's reaction
The privacy-oriented cryptocurrency monero can be mined by the script using the user’s computer capacity. Coinhive sent an email to CoinDesk before publication claiming that the site key was part of all the screenshots and it could not confirm if mining had taken place or not as well as the quantity that had been mined. Coinhive also stated that its internal site did not have any “super user”.
The company revealed in a statement that either end-users were not affected by the miner or was taken away quickly. Moreover, Coinhive explained that their service cannot be utilized on hacked site due to its strict policy. The company insists that it would not hesitate to close accounts that go against its policy as long the incident has been reported.
The sites of a streaming service owned by Showtime had Coin Hive code as was previously identified. Cloudflare, a web security firm, has declared a serious war on sites that engage in acts of adding mining code to users’ websites without their knowledge.