3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics
22.07.2025
11211
JavaScript cryptojackers hit 3,500+ sites using stealth WebSocket miners and Magecart-linked infrastructure.
In a shocking reveal, over 3,500 websites have been compromised to secretly mine cryptocurrency using stealthy JavaScript and WebSocket tactics. This isn't your grandma's cryptojacking—this is next-level, using infrastructure linked to the infamous Magecart group.
The attackers are leveraging WebSockets for a more covert operation, making it harder for traditional security measures to detect the mining activity. This method allows them to maintain a persistent connection to the victim's browser, mining crypto without raising alarms.
The compromised sites span across various platforms, including WordPress, OpenCart, and others, indicating a widespread supply chain attack. The attackers are injecting malicious JavaScript into these sites, turning visitors' devices into unwitting crypto miners.
This is a sophisticated attack that blends in with normal web traffic, making it incredibly difficult to detect without specialized tools.
Security experts are urging website owners to audit their sites for unauthorized JavaScript and to monitor WebSocket connections closely. The use of Magecart-linked infrastructure suggests that this could be part of a larger, more organized cybercriminal operation.
- • Over 3,500 websites compromised
- • Stealthy use of WebSockets for mining
- • Linked to Magecart infrastructure
- • Affects WordPress, OpenCart, and more
- • Urgent audits recommended for site owners
#supply chain attacks#hack#malware#cybersecurity#cryptojacking
Got a topic? Write to ATLA WIRE on Telegram:t.me/atla_community
