Over 3,500 websites around the world have been infected with JavaScript cryptocurrency mining malware as part of a new cryptojacking campaign, The Hacker News reports.
With WebSockets exploited to facilitate the remote retrieval of mining tasks, threat actors could conduct clandestine cryptomining activities on the devices of victims visiting the compromised websites, according to an analysis from c/side. Additional findings also showed the JavaScript miner's domain to be associated with old Magecart credit card skimmers. "Attackers now prioritize stealth over brute-force resource theft, using obfuscation, WebSockets, and infrastructure reuse to stay hidden. The goal isn't to drain devices instantly, it is to persistently siphon resources over time, like a digital vampire," said c/side. A separate c/side report detailed the utilization of the OpenCart content management system to compromise East Asian e-commerce sites with a malicious payment form that enabled the exfiltration of bank information and other sensitive details from unsuspecting customers.
With WebSockets exploited to facilitate the remote retrieval of mining tasks, threat actors could conduct clandestine cryptomining activities on the devices of victims visiting the compromised websites, according to an analysis from c/side. Additional findings also showed the JavaScript miner's domain to be associated with old Magecart credit card skimmers. "Attackers now prioritize stealth over brute-force resource theft, using obfuscation, WebSockets, and infrastructure reuse to stay hidden. The goal isn't to drain devices instantly, it is to persistently siphon resources over time, like a digital vampire," said c/side. A separate c/side report detailed the utilization of the OpenCart content management system to compromise East Asian e-commerce sites with a malicious payment form that enabled the exfiltration of bank information and other sensitive details from unsuspecting customers.




