TechFlow, July 30 — Security research firm c/side recently disclosed that over 3,500 websites have been hacked and injected with a covert JavaScript cryptocurrency mining program. The attackers used Web Workers and WebSocket technologies to secretly mine cryptocurrency when users browse the infected websites.
The research shows that the attackers maintain connections to external servers via WebSocket and can dynamically adjust mining intensity based on device performance to reduce the risk of detection. Notably, the domains used to deploy the mining scripts were previously involved in hosting Magecart credit card skimming malware, indicating that the attackers are diversifying their attack methods.
The exact method of website compromise remains unclear. Security researchers advise website administrators to strengthen security reviews of JavaScript code and regularly monitor for suspicious outbound connection activities.




