The website for Ultimate Fighting Championship (UFC) is the latest victim of the Coin Hive malware that secretly mines for Monero cryptocurrency.
In the world of sports, few things are as hot as Ultimate Fighting Championship (UFC). Millions tune in to watch bouts of modern day gladiators using a wide variety of fighting styles. Yet even the martial prowess of the UFC cannot keep them from being the victims of malware. The Register recently reported that the UFC website was found to be secretly running the Coin Hive JavaScript to mine the Monero cryptocurrency.
Adding Insult to Injury
The actual site in question is the pay-per-view website for UFC (ufc.tv.site) that streams mixed martial arts matches. The Coin Hive JavaScript was first noticed by a user when their Avast anti-malware program detected its presence on UFC’s Fight Pass. What really adds insult to injury in this case is that people spend real money on the site to watch matches, but their computer is then secretly tasked with mining Monero.
There was no notice that the Coin Hive script was being run. Redditor gambledub noted:
I noticed this because my anti virus kept pinging off every time I went on Fight Pass. It’s not harmful AFAIK, but doing this on a service we’re paying for is fucked up imo. I researched Coin Hive (mentioned by my anti virus) and found the javascript on their website, and sure enough it’s running on Fight Pass.
Hack or Inside Job?
The interesting question about the Coin Hive malware being on the UFC website is whether it was done by hackers or by the UFC. One would think that the UFC makes enough money through their streaming fees and other endeavors to not risk the ire of their paying customers by inflecting malware on them. The logical assumption is that a hacker did this as Coin Hive has become extremely popular with them. In the last few months alone, more than 200 sites have had the malware quietly installed, either by the site itself or dropped in by hackers.
Yet the UFC has not issued any sort of statement on the Coin Hive script found on their site, even though the offending script has now been removed. If the UFC placed the script, it could be considered potentially illegal and definitely unethical. If a hacker placed it, then it shows that the website is seriously lacking in security, which is not good as people have financial data (credit cards, etc.) stored on the site.
This just continues to show how criminals will use the latest technology to line their pockets. The concept of Coin Hive is actually not a bad thing at all, but just like most things, it can be easily perverted for nefarious gains. If the UFC was hacked, it would be fitting justice to send one of their fighters to have a “talk” with the hacker in question.
Do you think Coin Hive found on the UFC site was placed by a hacker or by the UFC itself? Have you been the victim of this malware? Let us know in the comments below.
Images courtesy of Pxhere, Flickr, and Wikimedia Commons.