financial crime
Cryptocurrency Cybersecurity Europe

Beware Crypto Miners Attached To Unique URLs; Warns Atlas VPN Data

Crypto miners attached to unique URLs are posing a very real and very serious threat to consumers; as highlighted by the concerning new data from Atlas VPN. 

The Atlas VPN study, which itself was based on the data of Palo Alto Networks Unit 42, focused on the period between October 2020 and September 2021, and found that out of the many differing fraudulent techniques that exploit URLs, those attached to crypto miners posed the biggest threat to the consumer; with a total of 177,753 documented cases. In addition to this, the data also found that out of all the detected web threat domains, 70 per cent were situated in the United States.

A total of 652,907 web threats were the direct result of URLs with crypto miners. What’s more, cryptocurrency miners that run in web browsers are known to consume significant CPU resources, making computer use extremely slow. Cybercriminals can generate revenue by employing stealthy malware farms on victims’ devices.

This news will be particularly concerning for users of Norton 360, who have recently installed a crypto miner on its software.

When looking at the wider data, 147,918 unique URLs with JavaScript (JS) downloaders accumulated a total of 712,023 threats. JS downloaders are snippets of JavaScript code that download malicious codes files from websites remotely to enable other harmful behaviours.

Likewise, 147,907 unique URLs with web skimmers accumulated a total of 611,811 web threats. Web skimming is a hacking technique where the cybercriminal embeds a snippet of JavaScript code into e-commerce or banking web pages to steal sensitive user information such as credit card information and personally identifiable information (PII).

In addition to this, 72,814 unique URLs with web scams were detected, which have caused 192,798 threats. On the other hand, 22,162 URLs with JavaScript redirectors amassed 171,546 total web threats.

The Origin of Web Threats

Malicious URLs are hosted on domains whose origins can typically be traced by identifying the geographical locations for the domain names. However, it’s not uncommon for cybercriminals to utilise proxy servers and VPNs to hide their actual whereabouts.

From October 2020 to September 2021, a total of about 831,000 unique URLs were found to be posing web threats. The URLs are from nearly 52,000 unique domains, of which the majority, almost 70 per cent, seem to originate from the United States. Russia follows up in second place, which is where 3.3 per cent of domains carrying malicious URLs came from.

3.2 per cent of unique domains containing harmful URLs appeared in Germany, whilst 2.1 per cent originated in the UK, and 1.9 per cent were located in France.

Moving down the line, 1.7 per cent originated in the Netherlands, and 1.2 per cent were located in Canada and China. The remaining 15.6 per cent was dispersed across other nations.

The danger of web threats highlights that website administrators must patch all systems, components, and web plugins to help minimise the risks of compromised systems; advises Atlas VPN. From the side of internet users, they should stay vigilant online and avoid clicking suspicious links and emails to prevent malware infection.


  • Tyler is a fintech journalist with specific interests in online banking and emerging AI technologies. He began his career writing with a plethora of national and international publications.

Related posts

The New World, One Market Report Finds eWallets Will Account For ÂŁ11bn of Online Spending by 2026

Francis Bignell

Revolut Launches Confirmation of Payee for UK Customers

Polly Jean Harrison

Can CBDCs Prevent the ‘Accidental Elimination’ of Public Money?

Barry E James