TechFlow news, July 22 — According to Decrypt, a wave of stealthy browser-based cryptocurrency mining attacks is spreading across the web, with over 3,500 websites infected with hidden Monero mining scripts.
The ongoing attack was first identified by cybersecurity firm c/side. Unlike traditional cryptojacking, this malware avoids typical telltale signs by throttling CPU usage and hiding traffic within WebSocket streams. The attackers follow a "stay low, mine slow" strategy, reusing access gained from previous breaches to target unpatched websites and e-commerce servers.
An anonymous information security researcher revealed that the attackers likely already control thousands of compromised WordPress sites and online stores. The malware employs throttled WebAssembly-based miners that limit CPU consumption and communicate via WebSockets, making them difficult to detect using conventional methods.




