Crypto miners are the most common web threats with over 170K unique malicious URLs

William S. | January 18, 2022

Web threats affect every individual on every device linked to the internet. Web threats frequently infiltrate users’ networks without their knowledge and can be triggered by opening a spam email or clicking on an executable file attachment. Once they have infected the system, web threats travel throughout the internet, infecting other machines.

According to the data presented by the Atlas VPN team, 177,753 unique URLs with crypto miners posed web threats from October 2020 to September 2021. Furthermore, nearly 70% of all detected web threat domains appear to be located in the United States.

The data is based on Palo Alto Networks Unit 42 research, The Year in Web Threats: Web Skimmers Take Advantage of Cloud Hosting and More. The report observed and analyzed web threats trends between October 2020 and September 2021.

A total of 177,753 unique URLs with crypto miners caused 652,907 threats on the web. Cryptocurrency miners that run in web browsers consume significant CPU resources, making computer use extremely slow. Cybercriminals can generate revenue by employing stealthy malware farms on victims’ devices.

Following up, 147,918 unique URLs with JavaScript (JS) downloaders were observed between October 2020 and September 2021, accumulating 712,023 total threats. JS downloaders are snippets of JavaScript code that download malicious codes files from websites remotely to enable other harmful behaviors.

Next up, 147,907 unique URLs with web skimmers accumulated a total of 611,811 web threats. Web skimming is a hacking technique where the cybercriminal embeds a snippet of JavaScript code into e-commerce or banking web pages to steal sensitive user information such as credit card information and personally identifiable information (PII).

Finally, 72,814 unique URLs with web scams were seen on the web, causing 192,798 threats. On the other hand, 22,162 URLs with JavaScript redirectors amassed 171,546 total web threats.

Web threats origins

Malicious URLs are hosted on domains whose origins can be traced by identifying the geographical locations for the domain names. However, it is essential to recognize that many cybercriminals could be using leverage proxy servers and VPNs to change their IP addresses from their actual physical locations.

From October 2020 to September 2021, a total of about 831K unique URLs were found to be posing web threats. The URLs are from nearly 52K unique domains, of which the majority, almost 70%, seem to originate from the United States. Russia follows up in a second-place as 3.3% of domains carrying malicious URLs were located there.

A bit less, 3.2% of unique domains containing harmful URLs appeared to be found in Germany. Going down the list, 2.1% of domains with malicious URLs carrying all kinds of web threats originated in the UK. Next up, 1.9% of domains containing URLs with web threats were located in France.

In addition, 1.7% of unique domains carrying malicious URLs originated from the Netherlands. At the same time, 1.2% of domains containing harmful URLs with web threats were located in Canada and China. Finally, the rest of the domains, 15.6% to be exact, appeared to be found in other countries.

The threat of web crypto miners highlights that website administrators must patch all systems, components, and web plugins to help minimize the risks of compromised systems. From the side of internet users, they should stay vigilant online and avoid clicking suspicious links and emails to prevent malware infection.