Cryptojacking Malware has hit the roof and if latest research from Bad Packets Report is to be believed, nearly 50,000 websites have been covertly infected with crypto-jacking scripts.
The security researcher; Troy Mursch at Bad Packets Report has successfully used PublicWWW; a search engine that can index the entire source code of websites, as a tool to expose crypto-jacking malware hiding beneath thousands of websites.
His research has found an alarming 48,953 affected websites running on crypto-jacking malware. The report also states that more than 7,368 of websites powered by WordPress are also stealthily compromised by the cryptojacking malware.
Another malware that has been unearthed by Bad Packets is Crypto-Loot, a very popular Coinhive alternative which shares similar functionalities and doesn’t require any user interaction and can run secretly in the background.
The statistical data done by Bad Packets indicates that the Coinhive tops the list in cryptojacking malware and has a good penetration of 81.6% compared to others and is and will be the market leader in cryptojacking for today and the foreseeable future.
The research also shed light on Coinhive clones like CoinImp affecting 4,119 websites, Minr affecting 692 sites, and deepMiner affecting 2,160 websites.
Coinhive has direct become an inspiration for the birth of these clones and has collectively affected more than 9,028 websites and manages to have exponential growth rates.
“Malware like CoinImp had the largest market share at roughly 45% while Minr had the smallest at nearly 8%. Crypto-Loot and deepMiner shared the remaining portions at nearly 23% a piece”; reads the Bad Packets Report. The extensive analysis can be grabbed from here.
Why should you be beware about Coinhive?
How to stop sites from using your CPU cycles to mine Cryptocurrency
Since CoinHive is a very popular cryptocurrency miner, many website owners are using it without asking users’ permission and access their CPU cycles. Websites like PirateBay has started running “tests” without user permission, and now publicly admitted in a recent blog post that they did used CPU cycles of users for cryptocurrency mining as an alternative for making money by running ads. Users can stay away from these uncalled “tests” by website owners and stay protected by installing plugins like minerBlock and No Coin, which are specifically designed to block popular crypto miners from using computer power. These plugins are very flexible and allow users to whitelist certain sites from the blocked domains list in case they want to lend their CPU cycles to some.
Thanks for dropping by. Ready for the next blog?