A recent cyberattack campaign has infected over 3,500 websites worldwide with stealthy JavaScript cryptocurrency miners, exploiting obfuscated code and WebSockets to remain undetected. Attackers are also leveraging compromised domains for Magecart credit card skimming and various web-based exploits, including WordPress plugin modifications. #Cryptojacking #Magecart
Keypoints
- Over 3,500 websites have been targeted with covert JavaScript miners that operate silently in browsers.
- The miners use Web Workers and WebSockets to dynamically adjust mining resources and avoid detection.
- Attackers also exploit domains previously used for Magecart credit card skimming to diversify their malicious payloads.
- Numerous in-browser attacks include manipulating Google OAuth callbacks and injecting malicious scripts into WordPress sites.
- Compromised WordPress plugins, like Gravity Forms, are exploited to create backdoors and escalate administrative privileges.
Read More: https://thehackernews.com/2025/07/3500-websites-hijacked-to-secretly-mine.html