Recently, it was revealed that over 3,500 websites were infected with scripts for hidden cryptocurrency mining. This widespread infection raises new concerns about online security.
What is Cryptojacking?
Cryptojacking is the unauthorized use of someone else's devices to mine digital assets without the owners' knowledge. This tactic emerged in 2017 with the launch of the Coinhive service, which shut down in 2019. At that time, data on the prevalence of such malware was contradictory: some sources reported a decrease in activity, while others recorded a 29% increase.
Methods of Attack: How Infections Occur
Analysts at c/side outlined the main stages of the attack:
* **Malicious Script Injection**: A JavaScript file is added to the website code, initiating mining.
* **Capability Checks**: The script checks for WebAssembly support, device type, and browser capabilities to optimize load.
* **Creation of Background Processes**.
* **Communication with the Control Server**: Via WebSockets or HTTPS, the script receives mining tasks and sends results to the command server.
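For site owners auditing their own pages, the stages above translate into a simple static heuristic: flag any script whose source combines capability checks, worker creation, and an outbound control channel. The following is an added example, not code from c/side or the original article; the indicator patterns, function names, and sample scripts are assumptions constructed for illustration.

```javascript
// Heuristic static check for the in-browser miner pattern described above.
// Indicator patterns are illustrative assumptions, not a vendor signature set.
const STAGES = {
  capabilityCheck: [/\bWebAssembly\b/, /navigator\.hardwareConcurrency/, /navigator\.userAgent/],
  backgroundWorkers: [/new\s+Worker\s*\(/, /new\s+SharedWorker\s*\(/],
  controlChannel: [/new\s+WebSocket\s*\(/, /wss?:\/\//],
};

// Returns the names of the stages that a script's source text matches.
function matchStages(source) {
  return Object.keys(STAGES).filter((stage) =>
    STAGES[stage].some((re) => re.test(source))
  );
}

// A script is flagged only when all three stages co-occur: each API is
// common on its own, so single hits would bury reviewers in false positives.
function auditScripts(scripts) {
  return scripts.map(({ url, source }) => {
    const stages = matchStages(source);
    return { url, stages, flagged: stages.length === Object.keys(STAGES).length };
  });
}

// Constructed sample inputs (not real captured scripts).
const SAMPLE_SCRIPTS = [
  { url: "https://site.example/js/chat.js",
    source: 'const s = new WebSocket("wss://chat.site.example/room"); s.onmessage = render;' },
  { url: "https://site.example/js/image-filter.js",
    source: 'if (typeof WebAssembly === "object") { const w = new Worker("filter.js"); }' },
  { url: "https://cdn.example.invalid/lib.js",
    source: 'if (typeof WebAssembly === "object" && navigator.hardwareConcurrency > 1) {' +
            ' const w = new Worker(blobUrl); const c = new WebSocket("wss://pool.example.invalid");' +
            ' c.onmessage = (m) => w.postMessage(m.data); }' },
];

const report = auditScripts(SAMPLE_SCRIPTS);
for (const r of report) {
  console.log(`${r.flagged ? "REVIEW" : "ok    "} ${r.url} [${r.stages.join(", ")}]`);
}
```

String matching misses obfuscated loaders, so treat a clean result as inconclusive and pair the scan with a Content-Security-Policy that restricts `script-src`, `worker-src`, and `connect-src` to known origins.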
Why Is This a Problem?
Although the malware is not designed to steal cryptocurrency wallets, hackers could technically add this capability. Compromised servers and web applications become platforms for unauthorized mining. An anonymous cybersecurity expert noted that modern malware aims to remain unnoticed and mine slowly without arousing suspicion.
The resurgence of cryptojacking in a more covert form raises new concerns for cybersecurity experts. It is important to be vigilant about the security of web resources and monitor for suspicious activity.