Cryptojacking Malware has hit the roof and if latest research from Bad Packets Report is to be believed, nearly 50,000 websites have been covertly infected with crypto-jacking scripts.

The security researcher; Troy Mursch at Bad Packets Report has successfully used PublicWWW; a search engine that can index the entire source code of websites, as a tool to expose crypto-jacking malware hiding beneath thousands of websites.

His research has found an alarming 48,953 affected websites running on crypto-jacking malware. The report also states that more than 7,368 of websites powered by WordPress are also stealthily compromised by the cryptojacking malware.

Among the malware, the researcher point mainly towards CoinHive, a widespread crypto-jacking script based on JavaScript to mine the cryptocurrency Monero, in particular, the sole reason behind the infection of more than 40,000 websites.

Another malware that has been unearthed by Bad Packets is Crypto-Loot, a very popular Coinhive alternative which shares similar functionalities and doesn’t require any user interaction and can run secretly in the background.

The statistical data done by Bad Packets indicates that the Coinhive tops the list in cryptojacking malware and has a good penetration of 81.6% compared to others and is and will be the market leader in cryptojacking for today and the foreseeable future.

The research also shed light on Coinhive clones like CoinImp affecting 4,119 websites, Minr affecting 692 sites, and deepMiner affecting 2,160 websites.

Coinhive has direct become an inspiration for the birth of these clones and has collectively affected more than 9,028 websites and manages to have exponential growth rates.

“Malware like CoinImp had the largest market share at roughly 45% while Minr had the smallest at nearly 8%. Crypto-Loot and deepMiner shared the remaining portions at nearly 23% a piece”; reads the Bad Packets Report. The extensive analysis can be grabbed from here.

Why should you be beware about Coinhive?

What makes Coinhive a controversial cryptocurrency miner service is that it offers API access for website owners to deploy a miner on their site using JavaScript, have it communicate with the remote server of CoinHive and allow the covert miners to use the user system to run CPU-gorging applications to mine coins without permission.

How to stop sites from using your CPU cycles to mine Cryptocurrency

Since CoinHive is a very popular cryptocurrency miner, many website owners are using it without asking users’ permission and access their CPU cycles. Websites like PirateBay has started running “tests” without user permission, and now publicly admitted in a recent blog post that they did used CPU cycles of users for cryptocurrency mining as an alternative for making money by running ads. Users can stay away from these uncalled “tests” by website owners and stay protected by installing plugins like minerBlock and No Coin, which are specifically designed to block popular crypto miners from using computer power. These plugins are very flexible and allow users to whitelist certain sites from the blocked domains list in case they want to lend their CPU cycles to some.

Users can also make use of JavaScript-blocking extensions like NoScript in FireFox and ScriptSafe in Google Chrome as another good alternative to manually add the cryptominers in question to block domains using an ad-blocker and have a good browsing online experience.

The post Cryptojacking in Prime and Why You should be Beware appeared first on Sysally.