Google Tag Manager allows marketers to create code to dynamically inject JavaScript snippets
Thank fuck for NoScript.
Crypto-jackers using Coin Hive code to secretly mine Monero via computing power supplied by the unsuspecting have found Google Tag Manager to be a convenient means of distribution. Security researcher Troy Mursch told The Register that he recently found Coinhive's free-to-use JavaScript running on the Globovisión website – …
Been saying this all along, NoScript is one of the most essential tools people require... and I'm so glad that it's been updated for Firefox Quantum as there was about 4-5 days I had no protection this week.
I would suggest that this has happened either because someone at the TV site decided to add the miner to their site to 'test it out' whether with authorisation or not, or the company's Google account was hacked and so the hacked had access to the company's tag manager control panel. You probably won't find out as it would be blamed on a hacker anyway.
If they had access to the website itself then they could just add the code directly or obfuscate with one of the many shortening services available.