50,000 WordPress Sites Infected With Crypto Mining Malware

The crypto mining malware epidemic is expanding more and more: almost 50,000 WordPress sites have been  infected with crypto-jacking scripts, according to security researcher Troy Mursch from Bad Packets Report.

Relying on source-code search engine PublicWWW to scan the web for pages running crypto-jacking malware, Mursch was able to identify at least 48,953 affected websites.

 The researcher notes that Coinhive continues to be the most widespread crypto-jacking script out there, accounting for close to 40,000 infected websites – a stunning 81 percent of all recorded cases.

It is worth pointing out that Mursch was able to find at least 30,000 websites running Coinhive back in November last year.

For the rest, Bad Packets Report indicates the remaining 19 percent are spread between various Coinhive alternatives, like Crypto-Loot, CoinImp, Minr and deepMiner.

His research suggests there are 2,057 sites infected by Crypto-Loot, 4,119 by CoinImp, 692 sites by Minr, and 2,160 by deepMiner.

Back in February, security researchers discovered that a slew of legitimate websites – including government and public service agency portals – were quietly running crypto-jacking scripts.

The researcher has also published a document on PasteBin file detailing the 7,000 affected sites found since January 20 this year. “Some of these sites have already removed the crypto-jacking malware,” the PasteBin page reads. “However, many remain compromised. Browse at your own risk.”



The Next Web

To Top