The drive to cash in on the cryptocurrency boom is nowhere to be seen – as innocent internet users’ machines are co-opted into mining for bitcoin and other crypto-assets without their owners’ knowledge. In an analysis of web threats monitored by cybersecurity researchers at Palo Alto Networks Unit 42, cryptocurrency miners were one of the most persistent and prevalent threats on the World Wide Web.

In all, 177,753 unique URLs with crypto miners posed web threats from October 2020 to September 2021. A web threat, as defined by Palo Alto Networks Unit 42, is a piece of malware that infiltrates users’ networks without their knowledge and can be triggered by opening a spam email or clicking on an executable file attachment. Once a web threat is inside a system and has infected it, it travels throughout the internet, infecting other machines.

The majority of the activity around web threats was focused on a single top-level domain name. Nearly 70% of all detected web threat domains appear to be located in the United States, according to the research. The crypto miners couched within the URLs use malware to take control of the processing power of a user’s device, devoting it to trying to solve the complex calculations that allow new cryptocurrency to be minted.

Unprecedented scale

Those nearly 178,000 different URLs aren’t the end of the story when it comes to crypto miners, either. Within them, the URLs hid 652,907 web-based crypto miners. Those miners can run within a web browser, meaning they’re relatively unobtrusive and often aren’t recognized as a risk by the user. The only indication users may get that something is amiss is that their computer runs slowly, the result of the miner hogging the computer’s CPU resources to try to solve the calculations required.

While most of the threats were centered in the United States, the result of the majority of URLs being based on .com gTLDs, Russia follows in second place. There, 3.3% of domains carry malicious URLs. Perhaps surprisingly, the next most popular location for crypto miners to be based is Germany, followed by the UK and France.

“The danger of web threats highlights that website administrators must patch all systems, components, and web plugins to help minimize the risks of compromised systems,” says Atlas VPN, who have also studied the report. “From the side of internet users, they should stay vigilant online and avoid clicking suspicious links and emails to prevent malware infection.”

Crypto miners are not the only issue

While crypto miners are a new and present threat, there is a broader suite of problems that cybersecurity-conscious users must be aware of. Nearly 150,000 unique URLs with JavaScript (JS) downloaders were observed between October 2020 and September 2021, encompassing 712,023 total threats. JS downloaders are snippets of JavaScript code that download malicious code files from websites remotely to enable other harmful behaviours.

Roughly the same number of URLs housing web skimmers were found, with a total of 611,811 web threats. Web skimming is a hacking technique where the cybercriminal embeds a snippet of JavaScript code into e-commerce or banking web pages to steal sensitive user information such as credit card information and personally identifiable information (PII).

The scope of security risks is becoming larger as the threats and rewards involved become more significant. With higher stakes, there are obviously more threats to be encountered as you head out into the wilds of the internet. It can be rough out there – so be careful in how you browse.