Over 3,500 Websites Infected with Hidden Monero Miners — Hackers Earn Cryptocurrency from Visitors
Hackers have infected over 3,500 websites with hidden scripts for mining Monero ($XMR) tokens. This malicious software does not steal passwords or block files. Instead, when a user visits an infected site, it transforms their browser into a Monero mining engine, using small amounts of computational power without the victims' consent.
By limiting CPU usage and concealing traffic within WebSocket streams, hackers manage to avoid the characteristic signs of traditional cryptojacking—the unauthorized use of someone's device for cryptocurrency mining. This tactic first gained widespread attention in late 2017 with the emergence of the Coinhive service, which was shut down in 2019.
Previously, scripts would overload processors and slow down devices. Now, the malicious software remains undetected and mines slowly, without arousing suspicion.
Infection Stages:
* Malicious Script Injection: A JavaScript file (e.g., karma[.]js) is added to the website's code, initiating the mining process.
* The script checks for WebAssembly support, device type, and browser capabilities to optimize the load.
* Background Process Creation.
* Via WebSockets or HTTPS, the script receives mining tasks and sends the results to a C2 server (the hackers' command center).
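A defender's view of the stages above, as an added example that is not part of the original report: the function below audits a site's Content-Security-Policy header and reports which of the four stages the policy would leave open. It assumes a simplified model of the CSP fallback chains (nonces, hashes and 'strict-dynamic' are not evaluated), and the function names are illustrative.

```javascript
// Added example (not from the report): which miner stages does a CSP leave open?
// Simplified model: fallback chains only; nonces, hashes, 'strict-dynamic' ignored.
const FALLBACK = {
  'script-src': ['script-src', 'default-src'],
  'worker-src': ['worker-src', 'child-src', 'script-src', 'default-src'],
  'connect-src': ['connect-src', 'default-src'],
};

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
    }
  }
  return policy;
}

// Source list that governs a directive, or null when nothing restricts it.
function effective(policy, directive) {
  const name = FALLBACK[directive].find((d) => policy.has(d));
  return name ? policy.get(name) : null;
}

// Open = unrestricted, or restricted only by a scheme-wide or wildcard source.
function isOpen(sources, broad) {
  return sources === null || sources.some((s) => broad.includes(s));
}

function auditCsp(header) {
  const policy = parseCsp(header);
  const script = effective(policy, 'script-src');
  return {
    // Stage 1: injected <script> pointing at an arbitrary third-party host.
    externalScript: isOpen(script, ['*', 'https:', 'http:']),
    // Stage 2: WebAssembly compiles unless a script policy omits both keywords.
    webAssembly: script === null ||
      script.some((s) => s === "'unsafe-eval'" || s === "'wasm-unsafe-eval'"),
    // Stage 3: background workers from generated blob: code or arbitrary hosts.
    backgroundWorker: isOpen(effective(policy, 'worker-src'),
      ['*', 'blob:', 'https:', 'http:']),
    // Stage 4: WebSocket or HTTPS traffic to an arbitrary C2 host.
    c2Channel: isOpen(effective(policy, 'connect-src'),
      ['*', 'wss:', 'ws:', 'https:', 'http:']),
  };
}
```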
The domain trustisimportant[.]fun is linked to both cryptojacking and Magecart campaigns (which involve skimming credit card data during online store checkouts). The IP addresses 89.58.14.251 and 104.21.80.1 served as command and control (C2) servers.