Cybercriminals are increasingly hijacking other people’s devices to mine Monero (XMR), in a trend now called cryptojacking. According to Malwarebytes, a “drive-by” mining campaign recently redirected millions of Android users to a website that hijacked their devices to mine the privacy-centric cryptocurrency using Coinhive.
The campaign worked by redirecting users to a page that told them their device was “showing suspicious surfing behavior.” As such, they needed to verify they were human by solving a CAPTCHA, while their device was used to mine Monero “in order to recover server costs incurred by bot traffic.”
All users had to do was solve the CAPTCHA and click a “continue” button. Once solved, they would be redirected to Google’s home page, which researchers noted was an odd choice. Malwarebytes details that it first spotted the “drive-by” campaign last month, but that it could’ve been around since November 2018. The exact trigger that captured users isn’t clear, but researchers believe infected apps with malicious ads did the trick.
Their post reads:
“While Android users may be redirected from regular browsing, we believe that infected apps containing ad modules are loading similar chains leading to this cryptomining page. This is unluckily common in the Android ecosystem, especially with so-called “free” apps.”
Malwarebytes researchers weren’t able to identify all the domains users were being redirected to. They managed to identify five domains, and concluded that these received about 800,000 visits per day, with an average of four minutes spent mining per user.
To estimate the number of hashes being produced, researchers note, a conservative rate of 10 h/s was used. This low hash rate, coupled with the four-minute average time spent on the page, means the hackers behind it could only be making “a few thousand dollars” per month.
The Cryptojacking Trend
Notably, researchers discovered the drive-by campaign while studying a separate malware dubbed EITest. They were testing various chains that often led to tech support scams on Windows, but soon found that things were different when using Android.
The ongoing cryptojacking trend seemingly began when torrent-index website the Pirate Bay began using it as a potential alternative to ads. Since then, bad actors have taken advantage of the code Coinhive provides to mine Monero, and used it on Google Chrome extensions, UFC’s website, and even Starbucks’ Wi-Fi.
While PC users can block cryptocurrency mining scripts by running anti-malware programs on their machines and browsing the web through browsers with built-in blocking tools, like Opera and Brave, Android users are advised to stick to Google’s Play Store and use security software.