Researcher finds 50,000 websites with cryptocurrency mining malware

Researcher Finds Nearly 50,000 Websites Running Cryptocurrency Mining Malware

Troy Mursch from Bad Packets Report recently conducted an investigation, in which he found that the ongoing cryptojacking trend has infected nearly 50,000 websites. According to his report, 48,953 websites are running cryptocurrency mining malware.

Cryptocurrency mining malware essentially consists of a few lines of JavaScript code that allow a website’s admin to use its visitors’ computer resources to mine privacy-centric cryptocurrencies, the most popular one being Monero (XMR).

Mursch’s research was made using source-code search engine PublicWWW. Using it, he scanned the web for pages running cryptocurrency mining malware. Out of the 48,953 affected websites he found, 7,368 are powered by WordPress.

The researcher further revealed that Coinhive is the most widespread mining script out there. It accounts for nearly 40,000 infected websites, which roughly translates to 81 percent of all cases. Back in November, Mursch’s research found 30,000 websites running Coinhive’s script.

The remaining 19 percent of websites were found to be running Coinhive alternatives, like Crypto-Loot, CoinImp, Minr, and deepMiner. The report reads:

“The four Coinhive clones discussed were found on a total of 9,028 websites. CoinImp had the largest market share at roughly 45% while Minr had the smallest at nearly 8%. Crypto-Loot and deepMiner shared the remaining portions at nearly 23% a piece.”

The researcher published a document on PasteBin, detailing all WordPress websites infected with the cryptocurrency mining malware. The document notes that some have already removed the malware, although most are still likely to mine with user’s computers. “Browse at your own risk,” the document reads.

Per the researcher, users looking to protect themselves from the ongoing cryptojacking trend should install the minerBlock extension for Chrome and Firefox. Browsers like Opera and Brave already have built-in tools that block mining attempts as well.

The ongoing cryptojacking trend has been making headlines for affecting high-profile victims, including government websites last month. As reported, Tesla was also hit with a cryptocurrency mining malware attack, as hackers used its cloud to mine.

As covered by Ethereum World News, hackers aren’t just using people’s CPUs to mine Monero. They are now stuffing Monero ransom notes inside distributed denial of service (DDoS) attacks, to get victims to pay them to stop.