Security Research Institution c/side Discloses that Up to 3,500 Websites Have Been Hacked and Infected with “Browser Mining” Programs, with Attack Traffic Spreading Globally, Users Unknowingly Helping Hackers Mine Cryptocurrency!
(Background: Cold Wallet Trezor Warns: Hackers Impersonate Official Communications for Phishing Attacks; Do Not Share Wallet Private Keys)
(Context: Brazil’s Central Bank’s $140 Million Reserves Hacked! Illegally Converted to Bitcoin, Hacker’s Cost Only $2,760, Service Provider Becomes a Vulnerability)
Upon opening a shopping page or news website, you may think your computer is working solely for you, but unbeknownst to you, the CPU is silently working for strangers. According to security research institution c/side, which disclosed earlier this month, up to 3,500 websites have been hacked and implanted with “browser mining” programs, with attack traffic spreading globally, but users are almost completely unaware.
Revealing Hacker Attack Techniques
Researchers at c/side revealed that they discovered mining scripts hidden within obfuscated JavaScript, which assess the computing power of devices and generate background Web Workers to concurrently execute mining tasks without triggering any alerts. More importantly, this activity was found to utilize WebSockets to obtain mining tasks from external servers, dynamically adjusting mining intensity based on device capabilities and correspondingly limiting resource consumption to maintain stealth.
The ultimate result of this method is that users unknowingly mine cryptocurrency while browsing compromised websites, with hackers turning their computers into hidden cryptocurrency mining rigs without users’ knowledge or consent. Security researcher Himanshu Anand stated:
“This is a form of invisible mining software designed to evade detection by users and security tools.”
Personal Costs: Quiet Drain of Network Resources, Power, and Privacy
For the average user, the immediate loss may not be in their bank account, but this can lead to severe computer sluggishness, prolonged fan activity, and accelerated battery drain on mobile devices. Long-term computational loads may shorten hardware lifespans, and electricity bills will rise accordingly. More seriously, websites implanted with mining scripts often simultaneously distribute other malicious programs, such as credit card data theft scripts, ultimately exposing personal information and payment data to significant risks.
Corporate Impact: Sudden Increase in Brand Trust and Compliance Costs
For website operators, being hijacked by hackers not only damages their brand image but may also trigger regulatory investigations and even lawsuits. Additionally, to combat hacker hijacking, operational teams must repair servers, update plugins, and trace the sources of malicious scripts, all of which require manpower and time. Moreover, if user data is leaked, companies face additional fines.
Defensive Pathways: Tools, Processes, and Education Are Essential
On a personal level, users can block known mining scripts using antivirus software and browser plugins, while also monitoring abnormal heating and power consumption of their devices. Regularly updating operating systems and applications also helps to close exploited vulnerabilities. Companies need to comprehensively assess the issue and establish rapid remediation mechanisms. They can also implement behavioral analysis or AI detection systems to promptly identify abnormal network traffic. Finally, continuous education and learning are crucial in combating online threats. Cybersecurity issues resemble a marathon; only by synchronously upgrading the “digital immune system” can users and businesses effectively protect computing resources and maintain trust systems.
Related Reports
Microsoft Partners with FBI to Combat North Korean Hacker Scams! Freezing 3,000 Accounts, Identifying U.S. “Accomplices”
Iran Announces “Nighttime Ban on Cryptocurrency,” Israeli Hackers Burn $100 Million in Nobitex, Igniting On-Chain Warfare
MicroStrategy Sparks Proof of Reserves on Chain, Michael Saylor: Public Addresses Too Foolish, Making Hackers Easy Targets