Cryptocurrency mining site hijacked millions of Android phones_Science & Military_Asia Pacific Daily

To download APD News app

1. Please scan the QR Code 2. Download and install APD News App

Cryptocurrency mining site hijacked millions of Android phones

Science & Military2018-02-13

Smartphone users are just as vulnerable to cryptocurrency mining hijacks as their PC counterparts, and sometimes on a dramatic scale. Malwarebytes has detailed a "drive-by" mining campaign that redirected millions of Android users to a website that hijacked their phone processors for mining Monero. While the exact trigger wasn't clear, researchers believed that infected apps with malicious ads would steer people toward the pages. And it wasn't subtle -- the site would claim that you were showing "suspicious" web activity and tell you that it was mining until you entered a captcha code to make it stop. The exact number of victims isn't apparent, but it's large. Malwarebytes identified five internet domains using the same captcha code and Coinhive site keys used for the campaign. At least two of the sites had over 30 million visits per month, and the combined domains had about 800,000 visits per day. Even though most people only ever spent a short amount of time on the pages (an average of 4 minutes), that amounted to a lot of mining time. Not surprisingly, Malwarebytes is recommending that Android phone users use web filters and security software to fend off these hijacks. We'd add that you can reduce the odds of encountering these campaigns by sticking to Google Play for app downloads, since you're less likely to run into rogue apps. However, it's doubtful that mining ploys like this will go away any time soon. So long as cryptocurrency values remain through the roof, you're bound to see someone hoping to make a few coins at your expense. (ENGADGET)

Smartphone users are just as vulnerable to cryptocurrency mining hijacks as their PC counterparts, and sometimes on a dramatic scale. Malwarebytes has detailed a "drive-by" mining campaign that redirected millions of Android users to a website that hijacked their phone processors for mining Monero.

While the exact trigger wasn't clear, researchers believed that infected apps with malicious ads would steer people toward the pages. And it wasn't subtle -- the site would claim that you were showing "suspicious" web activity and tell you that it was mining until you entered a captcha code to make it stop.

The exact number of victims isn't apparent, but it's large. Malwarebytes identified five internet domains using the same captcha code and Coinhive site keys used for the campaign.

At least two of the sites had over 30 million visits per month, and the combined domains had about 800,000 visits per day. Even though most people only ever spent a short amount of time on the pages (an average of 4 minutes), that amounted to a lot of mining time.

Not surprisingly, Malwarebytes is recommending that Android phone users use web filters and security software to fend off these hijacks. We'd add that you can reduce the odds of encountering these campaigns by sticking to Google Play for app downloads, since you're less likely to run into rogue apps.

However, it's doubtful that mining ploys like this will go away any time soon. So long as cryptocurrency values remain through the roof, you're bound to see someone hoping to make a few coins at your expense.

(ENGADGET)

Hot Recommended

  • Syrian Kurds outraged over mutilation of female fighter

  • Shanghai van incident: 18 injured as vehicle hits pedestrians

  • FIFA World Cup 2018 to use Pakistan-made footballs

  • What does secret Russia memo say and why does it matter?

  • Prince Harry reportedly set for a $70K hair transplant

  • SpaceX blasts off Luxembourg government satellite