According to Malwarebytes, new malware on Android is pulling users' devices into a drive-by cryptocurrency mining campaign, and this is believed to be the biggest operation of this kind specifically attacking mobile users.
Malicious apps and websites are said to be driving Android users to certain websites set up for mining the cryptocurrency. A total of five cryptocurrency mining websites are said to receive a total of 800,000 visits a day as part of a cybercrime campaign that has been active since November. The advantage in attacking mobile users is that they don’t use any sort of web filtering or security applications, so they are left without software to warn them about suspicious activity.
Researchers claim that although the forced redirection attacks may occur during regular browsing, it is very possible that infected apps also play a role, with ad modules within them directing users towards the crypto mining pages. These infected apps are most likely from a third-party source and are free to download.
Malware, by its very nature, usually runs behind the scenes and suppresses anything that would alert users that their system is being used for malicious purposes. This malicious cryptocurrency mining campaign, however, informs visitors that they have been redirected to its websites and that their devices are being used to mine cryptocurrency, which is used to pay for server traffic.
The captcha code used for verification is one and the same for every user, and until it is entered, the phone or tablet will mine Monero at full speed, maxing out the device’s processor. According to traffic analysis, the average time a visitor spends on this Monero mining page is around four minutes. The page initially loads as a pop-under so it can perform its initial activity without the user immediately noticing.
While PCs are the least affected, Monero mining on smartphones can still bring in money for those behind the scheme. It is worth noting that the sites that redirect to Monero mining are not necessarily malicious themselves, since malvertising could have been placed on them without the hosts’ knowledge. The campaign is still active and is successful in targeting millions of Android devices just because most users are still not aware of it.