Recently, millions of mobile phones were hijacked in a cryptocurrency mining campaign. According to security researchers, the hackers have been secretly mining the Monero cryptocurrency on these phones for the past few months.
According to researchers at Malwarebytes, the campaign was discovered in January but had been going on since November of last year. The reports also stated that the users of millions of smartphones were redirected to a specifically designed page that mined cryptocurrency in the browser. As per the reports, this method of cryptocurrency mining is usually “automated, without user consent and mostly silent”. In the process, users are also presented with a CAPTCHA to prove that they are human and not robots.
The warning message that usually popped up on the sites read, “Your device is showing suspicious surfing behaviour. Please prove that you are human by solving the captcha. Until you verify yourself as human, your browser will mine the Cryptocurrency Monero for us in order to recover the server costs incurred by bot traffic.” The mining continues until the user enters the code. This process also damages the processor of the user’s phone.
The reports also stated that as soon as the code is entered, the Google web page pops up. The code, however, is “static and hardcoded”, which is why the whole process appears harmful. The researchers' reports also say that victims may be subjected to forced redirection during regular browsing. The redirection may also be forced through malicious ads in infected apps.
Jérôme Segura, lead intelligence analyst at Malwarebytes, stated in the Malwarebytes blog post, “It’s possible that this particular campaign is going after low-quality traffic - but not necessarily bots - and rather than serving typical ads that might be wasted, they chose to make a profit using a browser-based Monero miner.”
Malwarebytes identified the same five captcha codes and Coinhive site keys that the hackers used for the cryptocurrency hijacking. As per the Malwarebytes blog post, two of the websites had more than 30 million visits in a month. Combined, the domains received 800,000 visits per day.
Web filters help
The researchers suggest that users run web filtering or security applications to prevent their phones from being hijacked. Forced cryptocurrency mining not only affects the phone but also damages its processor. Phones are affected through Trojanised apps and through redirects or pop-ups.
To avoid such hijacks, always download apps from the Google Play store. This way, you will be able to avoid fraudulent applications. Even after following all these steps, it is still not certain that the user will be able to get rid of this malware.
Google has the capability to stop Android malware. In 2017 it stopped about 700,000 applications that violated its terms and conditions. This was a 60 percent rise in app takedowns compared to 2016. This is done in order to protect phones from any kind of damage.