A massive new cryptojacking campaign is spreading across the internet. It has already infected at least 3,500 sites by injecting a hidden Monero mining script. Researchers at cybersecurity firm GroupSense found the still-active operation, which compromises unpatched sites and e-commerce servers. Behind the scenes, the malware’s low-and-slow approach to resource use helps it avoid detection.

This latest cryptojacking campaign uses an open-source Monero mining script to mine cryptocurrency on site visitors’ machines without their consent. By minimizing the resources it uses, the script tries to avoid detection by security scans and to avoid setting off alerts for suspicious activity. This quiet method lets the attackers keep sustained access while earning a more passive income from the unauthorized mining.

Cryptojacking quickly rocketed into the news in late 2017. That surge was largely driven by Coinhive, a JavaScript miner that allowed webmasters to silently mine Monero on their users’ computers and make money off their traffic. While Coinhive was discontinued in 2019, cryptojacking is back with a vengeance and with even smarter methods. These emerging strategies focus on long-term access and passive income generation.

The current campaign highlights the importance of keeping websites and e-commerce servers up to date with the latest security patches. By exploiting vulnerabilities in unpatched systems, attackers have been able to inject malicious scripts and compromise thousands of high-traffic websites. Website owners and administrators need to proactively scan their websites for vulnerabilities and apply security updates quickly to avoid being compromised.