Open a shopping page or news website in an instant, and you might think your computer is only working for you, but the CPU behind the scenes is quietly working for strangers. According to the security research institution c/side, which disclosed earlier this month, up to 3,500 websites have been invaded and embedded with "browser-based mining" programs, with attack traffic spread globally, but users can hardly detect it.
Hacker Attack Methods Revealed
c/side researchers revealed that they discovered mining scripts hidden in obfuscated JavaScript, which evaluates device computing power and generates background Web Workers to execute mining tasks in parallel without raising any alarms.
More importantly, the activity was found to use WebSockets to fetch mining tasks from external servers, dynamically adjusting mining intensity based on device capabilities and limiting resource consumption accordingly to maintain stealth.
The ultimate result is that users unknowingly mine cryptocurrencies while browsing hijacked websites, with hackers turning their computers into hidden cryptocurrency mining machines without users' knowledge or consent. Security researcher Himanshu Anand stated directly:
This is a stealth mining program designed to avoid detection by users and security tools.
Personal Cost: The Quiet Loss of Network Resources, Electricity, and Privacy
For the average user, the first loss might not be bank account deposits, but this can lead to severe computer sluggishness, fans running at high speeds for extended periods, and accelerated battery drain on mobile devices. Long-term computational load may shorten hardware lifespan and raise electricity bills. More seriously, websites embedded with mining scripts often simultaneously distribute other malware, such as credit card data theft scripts, ultimately exposing personal data and payment information to risk.
Enterprise Impact: Brand Trust and Compliance Costs Surge
For website operators, being hijacked by hackers not only damages brand image but may also trigger regulatory investigations or even lawsuits. Additionally, to counter hacker hijacking, operational teams must repair hosts, update plugins, and track malicious script sources, all of which require human resources and time. If user data is leaked, enterprises also face additional fines.
Defense Path: Tools, Processes, and Education Are Indispensable
On a personal level, users can block known mining scripts through antivirus software and browser plugins, while paying attention to abnormal device heating and power consumption. Regularly updating operating systems and applications can also help close exploitable vulnerabilities.
Enterprises need to comprehensively assess the issue and establish rapid patching mechanisms, potentially introducing behavioral analysis or AI detection systems to identify network anomalies in real-time.
Finally, continuous education and learning are key to combating online threats. Cybersecurity issues are more like an endurance race, and only by synchronously upgrading the "digital immune system" can users and enterprises effectively protect computing resources and maintain trust systems.
