Users are reporting that the BlackBerry Mobile site is infected with the Coinhive cryptocurrency miner, which uses unsuspecting visitors’ CPU processing power to mine for the Monero virtual currency.
A Reddit user discovered the code on the site and posted about it—noting that only the global www.blackberrymobile.com site, owned by TCL Communication Technology Holding, is affected. Redirect sites for specific countries and those properties owned directly by BlackBerry Ltd are not infected.
TCL has not publicly commented on the situation, but Coinhive weighed in on the Reddit thread saying that the site appears to have been surreptitiously infected—making it the latest to be targeted by Monero-focused cybercriminals. There has also been potentially malicious planting of the miner on premium websites, like Showtime, and the LiveHelpNow widget, among others, and a recently discovered campaign inserts miners into digital ads.
“We’re sorry to hear that our service has been misused,” the company said. “This specific user seems to have exploited a security issue in the Magento webshop software (and possibly others) and hacked a number of different sites. We have terminated the account in question for violating our terms of service now.”
Coinhive, launched in September, offers website owners an alternative to advertising for monetization: Website owners can sign up to the service and embed scripts into their web pages to make page visitors mine for Monero, thus indirectly paying for content. The activity is pooled, making for potentially massive combined mining power, gleaned from masses of users with average hardware visiting a website.
As a result, there has been a rising tide of web-based mining. Symantec recently said that there has been a 34% increase in the number of mobile apps alone incorporating cryptocurrency mining code.
However, the service is not without controversy. In addition to cybercriminal exploitation, the ethics of the business model are murky at best, unless a website discloses to visitors that mining is in effect and/or allows a surfer to opt out. The Pirate Bay, for instance, has caught criticism for nontransparent use on its site.
“Despite Coinhive’s best intentions, unscrupulous operators quickly latched onto the idea of secret mining in the hope that users will not notice,” Symantec said. “The mining process can start quickly and quietly in the browser without anybody noticing, unless insufficient throttling is used, in which case the CPU load may max out during the users' session, which would be an easy telltale for end users to spot.”