CryptoJacking is dead: long live CryptoJacking

Aug. 20, 2025, 12:17 p.m.

Description

The article discusses the evolution of cryptojacking, from its rise with Coinhive in 2017 to its apparent decline and subsequent resurgence in a more sophisticated form. A new campaign was discovered involving over 3,500 infected websites, using stealthy techniques to mine cryptocurrency without detection. The modern approach involves dropper scripts, environment checks, worker spawning, and C2 communication, prioritizing stealth over resource consumption. This new wave of cryptojacking attacks demonstrates the ongoing cat-and-mouse game between attackers and security measures, highlighting the need for continued vigilance in cybersecurity.

External References

https://cside.dev/blog/cryptojacking-is-dead-long-live-cryptojacking
https://otx.alienvault.com/pulse/68a5a893d0e6cf5fee6c45a2
Tags
obfuscation
cryptojacking
monero
2025-08-20
webassembly
stealth mining
web workers
websockets

Date

  • Created: Aug. 20, 2025, 10:50 a.m.
  • Published: Aug. 20, 2025, 10:50 a.m.
  • Modified: Aug. 20, 2025, 12:17 p.m.

Indicators

  • https://trustisimportant.fun/karma/karma.js?karma=bs?nosaj=faster.mo
  • www.yobox.store
  • https://www.yobox.store/karma/karma.js?karma=bs?nosaj=faster.mo
  • yobox.store
  • trustisimportant.fun
  • faster.mo
Download all indicators here!

Attack Patterns