The post Cryptojacking Resurfaces As Monero Miner Malware Hits 3,500+ Sites: Report appeared on BitcoinEthereumNews.com.

In brief At least 3,500 websites are running a hidden Monero mining script delivered through a malicious injection chain. Attackers reused access from past campaigns, targeting unpatched sites and e-commerce servers. The malware keeps a low profile, limiting resource use to avoid triggering suspicion or security scans. Hackers have infected more than 3,500 websites with stealthy cryptomining scripts that quietly hijack visitors’ browsers to generate Monero, a privacy-focused crypto designed to make transactions more difficult to trace. The malware doesn’t steal passwords or lock files. Instead, it quietly turns visitors’ browsers into Monero mining engines, siphoning small amounts of processing power without user consent. The campaign, still active as of this writing, was first uncovered by researchers at cybersecurity firm c/side. “By throttling CPU usage and hiding traffic in WebSocket streams, it avoided the telltale signs of traditional crypto jacking,” c/side disclosed Friday. Crypto jacking, sometimes spelled as one word, is the unauthorized use of someone’s device to mine crypto, typically without the owner’s knowledge. The tactic first gained mainstream attention in late 2017 with the rise of Coinhive, a now-defunct service that briefly dominated the cryptojacking scene before being shut down in 2019. In the same year, reports on its prevalence have become conflicting, with some telling Decrypt it hasn’t returned to “previous levels” even as some threat research labs confirmed a 29% rise at the time. ‘Stay low, mine slow’ Over half a decade later, the tactic appears to be staging a quiet comeback: reconfiguring itself from noisy, CPU-choking scripts into low-profile miners built for stealth and persistence. Rather than burning out devices, today’s campaigns spread quietly across thousands of sites, following a new playbook that, as c/side puts it, aims to “stay low, mine slow.” That shift in strategy is no accident, according to an information security…

---

Filed under: News - @ July 22, 2025 4:33 pm