Millions of Android-powered smartphones have reportedly become victims of invasive cryptocurrency miners who carry out the job through malicious advertising (“malvertising”) and other illegal methods.
In a recent report by Malwarebytes, Lead Malware Intelligence Analyst Jérôme Segura said Android users were being “targeted” by massive drive-by cryptomining attacks. According to the security researcher, this activity has been observed since last month, but the illegal practice is believed to have begun back in November 2017.
Drive-by cryptomining means that hackers force their way into people’s computers and abuse their CPU capacity to generate digital coins like Monero. In some extreme cases, compromised websites were injected with malware that allowed the cryptomining to go on even when the victim did not open the page.
One of the malvertising forms Malwarebytes encountered on Android redirected a user to a page with a panic-inducing message that said: “Your device is showing suspicious surfing behaviour.” The same page then instructed users to enter a captcha code. An unsuspecting target is likely to comply because, unless he or she does, the “phone or tablet will be mining Monero at full speed, maxing out the device’s processor.”
“While Android users may be redirected from regular browsing, we believe that infected apps containing ad modules are loading similar chains leading to this cryptomining page. This is unfortunately common in the Android ecosystem, especially with so-called ‘free’ apps,” Malwarebytes further explained.
In recent months, the cryptocurrency market has seen growing support from people worldwide. This trend is expected to result in more activity that abuses targeted victims. What is even scarier is the fact that hackers have been aggressively developing ways to do the job more easily and effectively, such as the aforementioned forced browser redirects, malicious pop-up ads, and more. It is not just Trojan-infected apps that people have to worry about.
In the same Malwarebytes report, Android users can check the identified domains and Coinhive keys that were found to be linked to these activities. However, it is also important to note that there have been cases where hackers silently added cryptomining code even to legitimate websites.