Cryptojacking Resurfaces As Monero Miner Malware Hits 3,500+ Sites: Report

Summary

Hackers have infected over 3,500 websites with cryptomining scripts that hijack visitors' browsers to mine Monero without consent. The malware does not steal passwords or lock files; it quietly uses visitors' processing power. The campaign, discovered by cybersecurity firm c/side, uses techniques that minimize CPU usage and conceal traffic, so it avoids the detection that traditional cryptojacking typically triggers. Cryptojacking, which gained attention in 2017 with Coinhive, has resurfaced in a form that operates stealthily across numerous sites. The attackers likely reuse old infrastructure from previous Magecart campaigns, adding mining scripts to existing malicious code. The new approach uses throttled WebAssembly miners and WebSockets to keep a low profile, which makes detection difficult. The primary targets are server and web app owners rather than individual crypto users.