A survey conducted by a security company on the largest sites in Alexa's traffic ranking showed that many sites in the top 10,000 were infected with malware, mainly credit card skimmers (data thieves) and cryptojacking software (cryptocurrency miners).
According to the Bleeping Computer site, Palo Alto Networks, a cyber security company, discovered that many of the world’s most visited and highly ranked sites were infected.
According to the results of the studies, some of the sites that were infected included:
libero(.)it – Libero is one of the largest sites in Italy and offers different services, from email creation to a search engine. Infected with illicit cryptocurrency mining malware.
pojoksatu(.)id – Big news site from Indonesia. Infected with cryptojacking malware.
heureka(.)cz – Largest e-commerce platform in Central Europe. Infected with malware that steals credit card data.
Curiously, cryptojacking malware is being executed through Coinhive scripts. Coinhive was a browser miner that worked for a while and presented a legitimate business model. However, the company decided to cease its activities after many people abused the program to harm Internet users.
However, Coinhive's script seems to remain active on some sites, and is still being used to mine the Monero cryptocurrency without the consent of visitors.
According to information from Palo Alto, two sites still continue to serve CoinHive scripts: coinhive.min.js and JSECoin.
Source code of one of the infected sites, zombangla.com, running the Monero mining script. Source – Palo Alto
These miners do not infect visitors' machines, only the site. But whenever someone visits an infected website, CPU usage goes up considerably and the computer becomes much slower.
The company pointed out that many of the sites analyzed carried advertisements that took visitors to other sites, which installed the script in the browser and kept the victim's computer under load continuously.
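For site owners, the page-source check this implies can be automated. The following is an added example, not code from Palo Alto's report or the original article: it scans HTML for script tags referencing the two names given above (coinhive.min.js, JSECoin). The inline markers are the CoinHive JavaScript API constructor names, which the article does not list; the function names and the sample page with its hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Script names from the article, lowercased for matching.
MINER_SRC_MARKERS = ("coinhive.min.js", "jsecoin")
# Assumption: CoinHive API constructors, not named in the article.
MINER_INLINE_MARKERS = ("coinhive.anonymous", "coinhive.user")

class MinerScriptFinder(HTMLParser):
    """Collects <script> tags whose src or inline body matches a marker."""
    def __init__(self):
        super().__init__()
        self.findings = []        # list of (kind, evidence) tuples
        self._in_inline = False   # True while inside a <script> without src

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src is None:
            self._in_inline = True
            return
        # Match on host + path only, so a query string cannot hide the name.
        parsed = urlparse(src.strip())
        target = (parsed.netloc + parsed.path).lower()
        if any(marker in target for marker in MINER_SRC_MARKERS):
            self.findings.append(("external", src.strip()))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

    def handle_data(self, data):
        if not self._in_inline:
            return  # ordinary page text mentioning a miner is not a finding
        lowered = data.lower()
        for marker in MINER_INLINE_MARKERS:
            if marker in lowered:
                self.findings.append(("inline", marker))

def find_miner_scripts(html):
    """Return (kind, evidence) pairs for miner scripts found in html."""
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; hosts and the site key are placeholders.
SAMPLE = """<html><head>
<script src="https://cdn.example.net/lib/coinhive.min.js?v=2"></script>
<script src="/static/jquery.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
</head><body><p>Used cars for sale</p></body></html>"""
```

An empty result only means these specific markers were absent; obfuscated or renamed miner scripts need behavioural checks such as sustained CPU use in the page.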
An advertisement to sell a vehicle. The advertisement contained several misleading links. Source: Palo Alto.
Interestingly, JSECoin's website closed in April of that year. So the scammers who use the Coinhive script through the site can still run the scams, but can no longer receive the cryptocurrency that is mined.
To protect yourself from these scams it is always recommended never to visit suspicious websites, but as malware has been discovered among some of the most important ones in the world, it is necessary to redouble your attention.
Never click on strange links, and if you notice your computer running slowly, perform a scan to try to find viruses.