UFC Website Gets Knocked Out with Coin Hive Miner
When it comes to pay per view entertainment in sport, nothing quite compares to live fighting. This is true of Boxing and Mixed Martial arts (MMA). The Ultimate Fighting Championship (UFC) is the home of MMA and fans from all across the world log into their website to watch the latest fights.
However, according to a report from the register, the UFC pay per view website (ufc.tv) was found to have the coin hive JavaScript mining plugin. What is not immediately clear at this stage is whether this was done intentionally by the UFC or if this was as a result of a malicious actor.
If it was inserted by UFC themselves then users of UFC then this would be particularly unpalatable. This is because the UFC already charges users for the right to access the fights from their PC via a subscription.
Well Known Miner
We have previously covered numerous reports of the coinhive miner that has been found on a range of websites from the pirate bay to CBS Showtime. The Javascript plugin uses the PC's browser to mine for the Monero cryptocurrency. It is not a malicious script and will only make use of processing power and possibly slow down the PC.
In the case of the UFC website, a user was able to pick up on it when their Avast anti-malware scanner alerted them to it. Upon noticing that the script was trying to use their browser to mine coins, the user took to Reddit and made his feelings known.
I noticed this because my anti virus kept pinging off every time I went on Fight Pass. It’s not harmful AFAIK, but doing this on a service we’re paying for is fucked up imo. I researched Coin Hive (mentioned by my anti virus) and found the javascript on their website, and sure enough it’s running on Fight Pass.
Who is to Blame?
It seems most likely though, that it was not the UFC that had inserted this script onto their site. Much like the case of the CBS showtime script, it would not make sense for such a large company with extensive revenues to imped user experience with a mining script. This is because the amount of money that they could be expected to make from the mining could be out shadowed by the lost revenue of clients ending their subscriptions.
Hence, one can only conclude that the miner was inserted by a hacker. We have noted the exponential rise of Coinhive being used on websites. There has been no communication from the UFC on the mining script even though it has been removed.
Either of the scenarios of how the script got there would be troubling. If it was a hacker then it means that the UFC website has a vulnerability that could open it up to more damaging exploits. If it was the UFC then it would be highly unethical and could open the company up to lawsuits.
A good lesson from this is that you should always have your antivirus updated when browsing online and streaming content. The Coinhive miner will try to make you an unwitting miner even when you are watching your sport of choice.
Featured Image via Fotolia
Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.