3,500 Websites Hijacked in Stealth Crypto Mining Attack

A new wave of browser-based cryptojacking has emerged, with attackers compromising 3,500 websites hijacked to secretly mine cryptocurrency. Researchers from c/side uncovered the campaign, which uses stealthy JavaScript code and WebSocket connections to siphon computing power from unsuspecting visitors. The findings highlight a resurgence of tactics once used by now-defunct services like CoinHive, which faded after major browsers cracked down on mining scripts.

Unlike earlier operations, this campaign employs more evasive techniques. The injected code blends into legitimate website resources, making detection difficult. Once loaded, the script connects to a remote server via WebSocket, allowing real-time communication to control mining tasks. The 3,500 websites hijacked span a range of sectors and geographies, amplifying the threat’s global footprint.

Security teams are advised to audit their websites for unauthorized scripts and monitor outbound WebSocket traffic. For a detailed breakdown of the attack and indicators of compromise, read the full report here:

https://thehackernews.com/2025/07/3500-websites-hijacked-to-secretly-mine.html