3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics
Briefly

A new attack campaign has impacted over 3,500 websites globally by deploying JavaScript cryptocurrency miners. These stealth miners assess device power and utilize background Web Workers for parallel mining tasks. They leverage WebSockets to fetch mining tasks dynamically, optimizing resource consumption while remaining undetected. Users unknowingly partake in cryptocurrency mining while visiting these sites. The miners are linked to the same domains previously associated with Magecart credit card skimmers, showing an evolution towards diverse malicious payloads. Attackers prioritize stealth over brute-force tactics through techniques like obfuscation and opportunistic targeting.
"This was a stealth miner, designed to avoid detection by staying below the radar of both users and security tools," security researcher Himanshu Anand said.
The use of the same domains to deliver both miner and credit/debit card exfiltration scripts indicates the ability of the threat actors to weaponize JavaScript and stage opportunistic attacks aimed at unsuspecting site visitors.
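As an added illustration (not code from the campaign or from the researchers quoted here), the static heuristic below flags page scripts that combine the behaviours described above: device-capability probing, Web Worker creation and a WebSocket channel, with obfuscated identifiers as a supporting signal. The signal names, the regexes, the use of `navigator.hardwareConcurrency` as the capability probe, the `_0x` naming marker and both sample scripts are assumptions constructed for this example.

```javascript
// Heuristic signals (assumed for this example); each is weak alone, notable together.
const SIGNALS = {
  deviceProbe: /navigator\s*\.\s*(hardwareConcurrency|deviceMemory)/, // sizing the device
  worker: /new\s+Worker\s*\(/,                                        // background threads
  webSocket: /new\s+WebSocket\s*\(/,                                  // live task channel
  obfuscation: /\b_0x[0-9a-f]{4,}\b/,                                 // obfuscator-style names
};

// Scan one script's source text and report which signals fired.
function scanScript(source) {
  const hits = Object.keys(SIGNALS).filter((name) => SIGNALS[name].test(source));
  const has = (name) => hits.includes(name);
  // WebSocket endpoints are worth listing so they can be compared with first-party hosts.
  const endpoints = [...source.matchAll(/wss?:\/\/[^\s'"`)]+/g)].map((m) => m[0]);
  // Flag only the combination: Workers fed over a WebSocket, plus probing or obfuscation.
  const suspicious =
    has("worker") && has("webSocket") && (has("deviceProbe") || has("obfuscation"));
  return { hits, endpoints, suspicious };
}

// Constructed sample: inert text shaped like the pattern, not a working miner.
const SAMPLE_SUSPECT = `
  var _0x3fa1 = navigator.hardwareConcurrency || 2;
  var ws = new WebSocket("wss://pool.example.invalid/tasks");
  for (var i = 0; i < _0x3fa1 - 1; i++) { new Worker("w.js"); }
`;

// Constructed sample: an ordinary chat widget that only opens a WebSocket.
const SAMPLE_BENIGN = `
  const chat = new WebSocket("wss://chat.example.invalid/live");
  chat.onmessage = (e) => render(e.data);
`;

for (const [label, src] of [["suspect", SAMPLE_SUSPECT], ["benign", SAMPLE_BENIGN]]) {
  const r = scanScript(src);
  console.log(label, r.suspicious ? "REVIEW" : "ok", r.hits.join(","), r.endpoints.join(","));
}
```

A match is a prompt for manual review of the script and its origin, not proof of mining; legitimate applications also use Workers and WebSockets together.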
Read at The Hacker News