Top Alexa Sites Infected With Malicious Coinminers and Web Skimmer

Executive Summary

Unit 42 recently launched a threat hunting campaign across the top 10,000 websites in Alexa's global ranking. Alexa rankings are a measure of website popularity, based on visitor interactions and number of visits. We found four sites that were affected, as outlined in Table 1. In the analysis that follows, we describe the malicious activity in more detail, covering malicious coinminers, which hijack CPU resources to mine cryptocurrency; malicious external links, which direct users to malicious sites; and a web skimmer attack, which is designed to steal payment card details from checkout forms.

Table 1. Summary of affected top Alexa sites.

Palo Alto Networks customers are protected from the aforementioned threats by the URL Filtering and Threat Prevention cloud-delivered security subscriptions.

Compromised Sites