Can you imagine your phone's resources being maxed out by crypto-jacking code running a Monero miner? Yes, it happened recently to a lot of Android users.
Android phones can be hacked, the same as other devices. A Monero mining site was able to hijack Android devices and use them to mine the virtual currency.
Researchers at cyber security firm Malwarebytes discovered that the so-called ‘drive-by crypto-mining’ malware had managed to infect Android phones and redirect them to a website running crypto-currency mining code that automatically sucks a phone’s processing power to crunch equations needed to generate Monero.
Malwarebytes’ researchers noted that the website displays a warning notifying users of “suspicious surfing behavior” and asks them to solve a Captcha; otherwise, a cryptominer running in the background will continue to churn away.
This causes real trouble for the Android user, since the device’s CPU gets maxed out.
Malwarebytes researchers discovered the crypto-jacking campaign last January, but they have deduced that it has been running since November 2017. It spans five domains, where traffic in the millions has been observed from people visiting the sites.
An average visit to the website from an infected device lasts approximately 4 minutes. Given the number of visits, it generates a couple of thousand dollars’ worth of Monero. Not bad, given that the operators are not doing much of the work themselves and are instead using the Android devices to harvest it for them.
Although crypto-jacking is not the most dangerous malware out there, it slows down the device or machine it infects, lowering the productivity and usability of the computer or device. It maxes out the system resources and causes components to overheat.
Malwarebytes hasn’t pinpointed exactly where the redirecting malware stems from, but it reckons it probably lurked in Android apps posing as legitimate software yet harboring malware-riddled adverts.
“While Android users may be redirected from regular browsing, we believe that infected apps containing ad modules are loading similar chains leading to this crypto-mining page. This is unfortunately common in the Android ecosystem, especially with so-called “free” apps,” the researchers said.
“It’s possible that this particular campaign is going after low quality traffic—but not necessarily bots—and rather than serving typical ads that might be wasted, they chose to make a profit using a browser-based Monero miner.”
In the real world, there is no 100% way to prevent this, since security software can only detect and remove malware once its vendor has obtained samples and worked out ways to detect them. It will not be able to protect you from newer threats. Still, having good security software is better than having none at all: it might catch most threats, but not all. You can lower your risk by downloading legitimate apps from the Google Play Store. There have, however, been a few instances in which malicious apps made it into the Google Play Store. That said, the rest of the Google Play apps are relatively safe.
We should watch out and keep our Android devices safe. Given the increasing popularity of crypto-currency and easy-to-use mining tools, it is uncertain how this will continue in the future. Eventually, we will see more crypto-jacking attacks and activity in the days to come.