Countless Android smartphones have Allegedly been hijacked at a drive-by cryptocurrency
According to safety researchers, over the last few weeks, hackers have secretly been mining Monero coins through smartphones. Based on Malwarebytes investigators, the effort was first observed in January though it had started around November last year.
According to the report, countless Android mobile users have been redirected to a specifically designed webpage “performing in-browser cryptomining.” Though the technique, the report states, is “automatic, with no user consent, and mostly silent,” visitors are presented with a CAPTCHA to resolve to demonstrate they’re human and not a bot.
The warning message reads as “Your device is showing suspicious surfing behavior. Please prove that you are human by solving the captcha. Until you confirm yourself as individual, your browser will automatically mine the Cryptocurrency Monero for us in order to recoup the host costs incurred by bot traffic.” Until an individual enters the code, the smart phone or tablet continues mining Monero, damaging the device’s processor.
Also see: How to Stop Websites From Using Your Phone or Display to Mine Bitcoin and Other Cryptocurrencies
Additionally, the code is static and hardcoded in the page’s source, making the process seem malicious. The researchers at Malwarebytes state that victims may face the forced redirection during routine browsing sessions or via infected programs with malicious advertisements.
“It’s possible that this particular effort is going after low end traffic-but not necessarily robots -and instead of serving typical ads that might be wasted, they chose to make a gain working with a browser-based Monero miner,” Jerome Segura, direct malware intelligence analyst at Malwarebytes, composed in the blog article.
Malwarebytes identified five domains using the same captcha code along with Coinhive site keys used for its campaign. According to the data posted on the site, at least two websites had more than 30 million visits per month, and the domain names united yielded around 800,000 visits every day.
Unsurprisingly, Internet filtering or security applications on smartphones are highly suggested by the investigators, to stop such hijacks. They say that pressured cryptomining is now affecting mobile phones and tablet computers not only via Trojanised apps but also via redirects and pop-unders. Meanwhile, here’s a manual on how to stop websites from using your telephone or computer to mine cryptocurrencies.