#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

OpenCart | Breaking Cybersecurity News | The Hacker News

Category — OpenCart
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

Jul 21, 2025 Web Security / Cryptocurrency
A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive .  Although the service has since shuttered after browser makers took steps to ban miner-related apps and add-ons, researchers from the c/side said they found evidence of a stealthy miner packed within obfuscated JavaScript that assesses the computational power of a device and spawns background Web Workers to execute mining tasks in parallel without raising any alarm. More importantly, the activity has been found to leverage WebSockets to fetch mining tasks from an external server, so as to dynamically adjust the mining intensity based on the device capabilities and accordingly throttle resource consumption to maintain stealth. "This was a stealth miner, designed to avoid detection by staying below the radar of both users and security tools," security researcher ...
New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

Jun 26, 2024 Web Skimming / Website Security
Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information .  According to Sucuri, the latest campaign entails making malicious modifications to the checkout PHP file associated with the WooCommerce plugin for WordPress ("form-checkout.php") to steal credit card details. "For the past few months, the injections have been changed to look less suspicious than a long obfuscated script," security researcher Ben Martin said , noting the malware's attempt to masquerade as Google Analytics and Google Tag Manager. Specifically, it utilizes the same substitution mechanism employed in Caesar cipher to encode the malicious piece of code into a garbled string and conceal the external domain that's used to host the payload. ...
Expert Insights Articles Videos
Cybersecurity Resources
//]]>