As somebody who worked in the past on a piece of software that generated heatmaps from cursor movements on websites, I can confirm that it's a very widespread thing. Well, it was ~5 years ago, so I'd guess it's even worse now.
For a non-nefarious use case, it can be used to iterate on the UI to create a better user experience because it can expose areas that people aren't seeing on the webpage. Your site might have the important content or useful navigation in a place that users aren't noticing which causes them to leave the site in frustration.
