Cybercriminals are increasingly targeting other people’s devices to mine cryptocurrencies.
According to Malwarebytes Labs, millions of Android users are being targeted for mining the Monero (XMR) currency. Millions of mobile users have been redirected to a specifically designed page that performs in-browser cryptomining.
This is how cybercriminals can mine cryptocurrencies without users’ consent, and without users even knowing their devices are being used for it, because the activity is mostly silent. It is quite different from mining on a computer, where the CPU runs at 100 percent and noise comes from the victim’s computer fan.
According to Malwarebytes, cybercriminals are using a technique that redirects Android users to a website that hijacks their devices to mine the privacy-centric cryptocurrency using Coinhive. This trend is now called cryptojacking.
The campaign worked by redirecting unsuspecting Android users to a page where they needed to verify they were human by solving a CAPTCHA. Meanwhile, the criminals used their devices to mine Monero.
“Your device is showing suspicious surfing behaviour. Please prove that you are human by solving the captcha.”
The user had to enter a code that was static and present in the page source. Until the user finished, the cybercriminals used the mobile phone or tablet to mine Monero at full speed, maxing out the device’s processor.
The discovery came while Malwarebytes was investigating a separate malware campaign in late January, testing various malvertising chains that often lead to tech support scams with an Internet Explorer or Chrome user-agent on Windows. When they switched to Android, they were redirected via a series of hops to the cryptomining page.
Their post reads:
“While Android users may be redirected from regular browsing, we believe that infected apps containing ad modules are loading similar chains leading to this cryptomining page. This is unfortunately common in the Android ecosystem, especially with so-called “free” apps.”
Malwarebytes identified five domains. They received approximately 800,000 visits per day, with an average of four minutes spent mining per user. Malwarebytes concluded that, with a conservative rate of 10 h/s coupled with the average of four minutes spent, the hijackers could be making “a few thousand dollars” per month.
Most Android users still do not use antivirus/anti-malware software on their devices. Malwarebytes suggests using applications only from the Google Play Store and, of course, using proper security software.