But wait, what’s this?! By the title of this article, you may have guessed correctly. Their heavily distributed script hosted on their CDN was modified to secretly mine a cryptocurrency called Monero, without your consent, the irony. From the looks of it, it’s quite possible it was done by a security breach considering the way the script was modified to hide any possible identifying information such as a wallet address so they are not kicked from their pool. Pool operators typically can only ban a user based on wallet addresses since it is a top-notch privacy coin.
The malicious code has been noticed here:
I reached out to cookiescript.info via email about the script that is mining without consent at 4:03 PM CST on 22 March 2018 and asked them if they were aware of this and if it was intentional, as of writing this article for future release no response or correction to their code has been made and continues to mine without consent on thousands of websites that use their code to stay in compliance with regulators. This article will be updated upon receipt of a response and/or when the script has been modified without the mining script attached.
[Disclosure: The author of this story owns small positions in and mines Monero ethically]