50,000 Websites Infected With Cryptocurrency Mining Malware

Mar 10 2018

With the rise in cryptocurrency awareness and popularity, there has also been a sharp rise in cryptocurrency-related scams and cyber-crime. There are a number of ways in which people with malicious intentions can make use of the technology. While attacks involving the hacking of exchanges and exchange accounts are common, as are ransomware attacks, another kind of attack is becoming increasingly common: cryptojacking.

For those who may not be aware, cryptojacking is the process of mining for cryptocurrencies on a user’s PC without their knowledge. This can be achieved by injecting malicious code into a website or an app. Cryptojacking has been around since as early as 2014, but there was a sharp spike in the practice in 2017, partly because of the popularity of the Coinhive script and partly because the boom in cryptocurrency prices made it lucrative for hackers.

According to security researcher Troy Mursch from Bad Packets Report, close to 50,000 websites are infected with various cryptocurrency mining malware. Mursch made use of the source-code search engine PublicWWW to scan for web pages running cryptocurrency mining malware. As per Mursch’s observations, at least 48,953 websites are affected by cryptocurrency mining malware.

Interestingly, his report points out that of these 48,953 affected websites, 7,368 are based on WordPress. Moreover, the aforementioned Coinhive script continues to be the most widely used script for cryptojacking: 81% of all affected websites (close to 40,000 websites) were making use of it. This number is significantly up from the 30,000 websites that Mursch found running the Coinhive script in November of last year.

For those wondering what the other 19% of websites were running, they were split between Coinhive alternatives such as Crypto-Loot, CoinImp, Minr and deepMiner. Mursch’s research suggests there are 2,057 sites infected by Crypto-Loot, 4,119 by CoinImp, 692 by Minr, and 2,160 by deepMiner.
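The source-level check behind a scan like this can also be run against pages you operate. The following is an added example, not code from the article or from Mursch's report; the name patterns, `miner_families`, `tally` and the sample pages are constructed assumptions, and matching is limited to script elements so that a page that merely mentions a miner is not counted.

```python
import re
from collections import Counter
from html.parser import HTMLParser

# Assumed name-based patterns for the families the article lists (illustrative only).
FAMILIES = {
    "Coinhive": re.compile(r"coinhive", re.I),
    "Crypto-Loot": re.compile(r"crypto-?loot", re.I),
    "CoinImp": re.compile(r"coinimp", re.I),
    "Minr": re.compile(r"\bminr\b", re.I),
    "deepMiner": re.compile(r"deepminer", re.I),
}

class ScriptCollector(HTMLParser):
    """Collects each <script src> URL and inline <script> body."""
    def __init__(self):
        super().__init__()
        self.in_script, self.chunks = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            src = dict(attrs).get("src")
            if src:
                self.chunks.append(src)
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.chunks.append(data)

def miner_families(html):
    """Return the miner families referenced by a page's script elements."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return sorted(n for n, rx in FAMILIES.items()
                  if any(rx.search(c) for c in parser.chunks))

def tally(pages):
    """Count pages per family across a {url: html} mapping."""
    return Counter(f for html in pages.values() for f in miner_families(html))

SAMPLE_PAGES = {  # constructed sample input, not real sites
    "https://shop.example/": '<head><script src="https://cdn.example/lib/coinhive.min.js"></script></head><body>Sale</body>',
    "https://news.example/": '<p>Our report on Coinhive and deepMiner infections.</p><script>var role = "adminrole";</script>',
    "https://blog.example/": '<script>var m = new deepMiner.Anonymous("SITE_KEY_PLACEHOLDER"); m.start();</script>',
}
print(tally(SAMPLE_PAGES))
```

A hit is a lead to review by hand, since name matching misses renamed or obfuscated loaders.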

Over the past few months, a large number of websites, including those of prominent newspapers in India and the government of the UK, were found to be affected by this cryptocurrency mining malware, with users visiting those websites unknowingly mining for cryptocurrencies. Moreover, a YouTube ad was also injected with code that caused viewers to mine for cryptocurrencies. However, while hackers step up their game, security researchers are busy finding them out and neutralizing the threat.

If visiting a website causes your computer to slow down or your browser to hang, check your CPU usage statistics. If CPU usage spikes when you visit that particular web page, there is a strong chance that the website is mining for cryptocurrencies on your PC. Mursch states that installing the MinerBlock extension for Chrome and Firefox browsers can help you stay safe from such attacks. The Opera web browser blocks these scripts by default.
