The subscription based streaming website owned by Ultimate Fighting Championship (UFC) is under the radar for running a suspicious script which mined Monero running from the browser.
According to social media reports, UFC’s Fight Pass streaming site consisted of a Monero mining script developed by Coinhive that can be embedded in a web page. UFC’s customer support staff replied to a user that “we take these matters very seriously, and will review this” as the origin of the code source was unclear.
A UFC spokesperson wrote in a statement that,
“Immediately upon learning of the reported issue, Neulion, UFC’s over-the-top digital service provider, reviewed the UFC.TV/FIGHTPASS site code and did not find any reference to the mentioned Coinhive java script. We are continuing to review the available information and feel confident that there are no coding issues across the site at this time.”
But two different screenshots shared to Imgur by Reddit users show that the lines of code for Coinhive’s mining script were found in the HTML of the page.
Several users had run the software and one among them emailed UFC support about it. The UFC had to take immediate action due to users concern and script was ultimately removed. The malicious script that uses user’s computer capacity to mine the privacy-oriented cryptocurrency Monero is one of the latest news in hacking.
Since none of the screenshots included the site key, Coinhive refused in giving information about if it had happened or how much had been mined. Coinhive stated that, “For what it’s worth, we didn’t notice any new ‘top user’ in our internal site wide dashboard. So the miner was either removed quickly again or didn’t affect a lot of end users. Just for the record, we have a strict policy against using our service on ‘hacked’ sites and will terminate accounts that violate our terms of service, as soon as we’re notified of them.”
The Coinhive code running on its sites were found previously by a streaming service run by Showtime and warnings were issued by a web security firm Cloudflare that they may crack down on sites working on mining without notifying users.