Nearly 50,000 sites was infected by crypto-jacking scripts

Troy Mursch, a security researcher from the Bad Packets Report, pointed out that nearly 50,000 websites worldwide have been quietly hijacked by mining and hijacking versions. Relying on the scan of the open source search engine PublicWWW, Mursch found that there were at least 48,953 infected websites, of which at least 7,368 were based on WordPress.

Researchers said that nearly 40,000 websites are infected with a mining hijacking script called Coinhive, which accounts for 81% of the total. In addition, he also pointed out that at least 30,000 websites had been infected with Coinhive since last November.

The other 19% of websites were mostly infected with Coinhive’s similar scripts, such as Crypto-Loot, CoinImp, Minr, and deepMiner. According to further investigations, 2,057 sites were infected with Crypto-Loot, 4,119 sites were infected with CoinImp, 692 sites were infected with Minr, and 2,160 sites were infected with deepMiner.

Source, Image: badpackets

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.