3.5K Sites Hijacked to Secretly Mine Crypto

July 22, 2025

A sophisticated new attack campaign has revived browser-based cryptojacking, compromising over 3,500 websites worldwide with stealthy JavaScript cryptocurrency miners. Unlike earlier, more noticeable cryptojacking attempts, this iteration is designed for evasion. Researchers discovered a highly obfuscated JavaScript miner that assesses a device’s computational power and then uses background Web Workers to run mining tasks in parallel. This lets the attackers quietly use visitors’ devices to generate cryptocurrency without raising suspicion or significantly impacting performance, effectively turning unsuspecting visitors’ computers into hidden crypto-mining machines.

A key innovation in this campaign is the use of WebSockets to communicate with an external server. This enables the miner to dynamically adjust its intensity based on the device’s capabilities, throttling resource consumption to maintain its stealthy operation. Security researchers emphasize that the primary goal of this attack is not to immediately drain a device’s resources but rather to persistently siphon them over an extended period, likening the approach to a “digital vampire.” The exact method by which these websites are initially compromised to facilitate the in-browser mining remains unknown, indicating a potentially well-concealed exploit chain.
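Both browser features the miner depends on, Web Workers and WebSocket connections to an external server, are governed by Content-Security-Policy directives (`worker-src` and `connect-src`). The following is an added example, not code from the original alert or the researchers, that audits a site's CSP header for gaps in those two directives; the function names and sample headers are constructed for illustration.

```javascript
// Added example: audit a CSP header against the two browser features the
// miner relies on (Web Workers and WebSocket connections).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Per the CSP spec, only the first occurrence of a directive counts.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Source list that governs a feature, following the CSP fallback chain.
function effective(policy, chain) {
  for (const name of chain) if (policy.has(name)) return policy.get(name);
  return null; // nothing applies: the browser places no restriction
}

const isBroad = {
  // connect-src governs WebSocket, fetch and XHR destinations.
  connect: (s) => s === '*' || /^(wss?|https?):(\/\/\*)?$/i.test(s),
  // worker-src governs Worker script origins; blob: and data: let injected
  // script start a worker without loading another file.
  worker: (s) => s === '*' || /^(blob|data|https?):(\/\/\*)?$/i.test(s),
};

function auditCsp(header) {
  const policy = parseCsp(header || '');
  const chains = {
    connect: ['connect-src', 'default-src'],
    worker: ['worker-src', 'child-src', 'script-src', 'default-src'],
  };
  const findings = [];
  for (const [kind, chain] of Object.entries(chains)) {
    const sources = effective(policy, chain);
    if (sources === null) findings.push(`${kind}: unrestricted`);
    else for (const s of sources.filter(isBroad[kind])) findings.push(`${kind}: broad source ${s}`);
  }
  return findings;
}

// Constructed sample headers, not taken from any affected site.
const weakCsp = "script-src 'self' https: 'unsafe-inline'";
const hardenedCsp = "default-src 'self'; worker-src 'self'; connect-src 'self'";
console.log(auditCsp(weakCsp));
console.log(auditCsp(hardenedCsp));
```

A policy set at the web server or CDN layer still applies when the injected script lives in site content, but it offers no protection if the attacker can also change response headers.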

Further analysis revealed that the domain hosting this JavaScript miner has a history of being associated with Magecart credit card skimmers. This connection suggests a strategic diversification of payloads and revenue streams by the threat actors, indicating their capability to weaponize JavaScript for various opportunistic attacks against website visitors. The reuse of infrastructure for both cryptocurrency mining and credit/debit card exfiltration scripts underscores the attackers’ agility and willingness to exploit client-side vulnerabilities for multiple malicious purposes, maximizing their illicit gains.

The emergence of this cryptojacking campaign aligns with other recent client-side and website-oriented attacks that employ diverse techniques to compromise sites and users. These include abusing legitimate Google OAuth endpoints for redirects to malicious payloads, injecting Google Tag Manager scripts into WordPress databases to redirect visitors to spam domains, and compromising core WordPress files like wp-settings.php to inject malicious PHP scripts. Attackers are also observed injecting code into WordPress theme footers for browser redirects and using fake WordPress plugins that only activate when search engine crawlers are detected, serving spam content to manipulate search rankings.

Furthermore, a significant supply chain attack has been identified involving backdoored versions of the WordPress plugin Gravity Forms. This malicious version, distributed through the official download page, attempts to block updates and reach an external server to download additional payloads. If successful, it endeavors to add an administrative account, granting the attackers complete control over the website. This provides a backdoor for a range of other malicious actions, including expanding remote access, injecting arbitrary code, manipulating existing admin accounts, and accessing stored WordPress data, highlighting the persistent and evolving threat landscape for website security.

Reference:

  • 3,500 Sites Hijacked to Mine Crypto via Stealthy JavaScript and WebSocket Technique
    © 2025 | CyberMaterial | All rights reserved
