GRASS GROWS, DOGS BARK and Android phones get hacked, such is the way of the world. The latest of the latter can be found with a cryptocurrency mining site that managed to hijack Android devices and press-gang them into mining the Monero virtual currency.
Researchers at cybersecurity firm Malwarebytes discovered that the so-called 'drive-by cryptomining' malware had managed to infect Android phones and redirect them to a website running cryptocurrency mining code that automatically sucks a phone's processing power to crunch equations needed to generate Monero.
Malwarebytes' clever bods noted that the website serves up a warning notifying users that there's "suspicious surfing behaviour" and that they need to solve a Captcha request otherwise a cryptominer running in the background will continue to churn away.
At the same time, the researchers found that a device's CPU was pretty much maxed out.
The 'cryptojacking' campaign was discovered by Malwarebytes in January but the researchers reckon it has been running since November 2017, covers five web domains and has seen millions of people visit the sites.
The average time spent on the sites was around four minutes, so when combined with the number of visits, it's estimated that a few thousand dollars of Monero were generated on a monthly basis; not a stellar number but still a decent earner when it's someone else doing the work.
Cryptojacking may not appear to be the most malicious of attacks but it can lead to device slowdown and having a processor running at full whack all the time is a good way to knacker it out. In some cases, this could even lead to a chip overheating and wrecking the device or even causing a fire. Basically, cryptojacking is bad news.
Malwarebytes hasn't pinpointed exactly where the redirecting malware stems from, but it reckons it probably lurked in Android apps posing as legitimate software yet harbouring malware-riddled adverts.
"While Android users may be redirected from regular browsing, we believe that infected apps containing ad modules are loading similar chains leading to this cryptomining page. This is unfortunately common in the Android ecosystem, especially with so-called "free" apps," the researchers said.
"It's possible that this particular campaign is going after low quality traffic—but not necessarily bots—and rather than serving typical ads that might be wasted, they chose to make a profit using a browser-based Monero miner."
Using mobile security tools and only downloading legitimate apps from Google's Play Store can help avoid such malicious activity. But the expanding popularity of cryptocurrencies and easy-to-use mining tools means we can expect to see cryptojacking attacks and activity become a common fixture in the threat landscape. µ