Deep Tide TechFlow news, on July 22, according to Decrypt, a wave of covert browser cryptocurrency mining attacks is spreading across the internet, with over 3,500 websites implanted with secret Monero mining scripts.
The cybersecurity company c/side first discovered this ongoing attack activity. Unlike traditional cryptocurrency hijacking, this malware avoids the obvious characteristics of traditional cryptocurrency hijacking by limiting CPU usage and hiding traffic in WebSocket streams. The attackers follow a strategy of 'keeping a low profile, mining slowly,' reusing access obtained from past attacks to target unpatched websites and e-commerce servers.
According to an anonymous information security researcher, the attackers have likely taken control of thousands of hacked WordPress websites and e-commerce stores. This malware uses throttled WebAssembly mining programs, limits CPU usage, and communicates via WebSockets, making it difficult to detect using traditional methods.