Millions of Android Phones Hijacked to Mine Monero Cryptocurrency: Malwarebytes
Millions of Android tablets have reportedly been hijacked in a drive-by cryptocurrency mining campaign.
According to security researchers, hackers have been secretly mining Monero coins through smartphones over the past couple of months. According to Malwarebytes researchers, the campaign was first detected in January, though it had begun around November of last year.
According to the report, countless Android mobile users have been redirected to a specifically designed webpage “performing in-browser cryptomining.” Although the method, the report says, is “automatic, with no user consent, and largely silent,” visitors are presented with a CAPTCHA to solve to prove that they are human and not a bot.
The warning message reads: “Your device is revealing suspicious surfing behaviour. Please prove that you are human by solving the captcha. Until you confirm yourself as human, your browser will mine the Cryptocurrency Monero for us to be able to recover the host costs incurred by bot traffic.” Until a user enters the code, the smartphone or tablet continues mining Monero, damaging the device’s chip.
Interestingly, upon entering the code, users are redirected to the Google home page, the report says. Also, the code is static and hardcoded in the page’s source, which makes the procedure appear malicious. The Malwarebytes researchers state that victims may encounter the forced redirection during regular browsing sessions or via infected apps with malicious advertisements.
“It’s possible that this specific campaign is going after low-end traffic, but not automatically robots, and instead of serving typical ads that may be squandered, they opted to make a gain using a browser-based Monero miner,” Jerome Segura, lead malware intelligence analyst at Malwarebytes, wrote in the blog article.
Malwarebytes identified five domains using the exact same captcha code along with the Coinhive site keys used for the campaign. According to the data posted on the blog, at least two websites had more than 30 million visits per month, and the domains combined yielded around 800,000 visits every day.
Unsurprisingly, the researchers strongly recommend web filtering or security software on smartphones to prevent such hijacks. They state that forced cryptomining is presently affecting mobile phones and tablets not only through Trojanised programs but also via redirects and pop-unders. Meanwhile, here is a guide on how to stop websites from using your phone or computer to mine cryptocurrencies.