As the cryptocurrency market grows rapidly, various malicious programs are making the rounds, illegally exploiting devices for mining. A new mining campaign is now targeting mobile users and has reportedly already exploited millions of Android devices. According to Malwarebytes, this campaign redirects smartphones to websites that use their processing power to mine the Monero cryptocurrency. This is thought to be the largest such operation targeting mobile devices, and millions of users have unwillingly mined Monero since November, according to the cybersecurity firm. The campaign reportedly works by redirecting users to websites specifically designed to mine Monero. Researchers note that while some of those redirects might occur during regular browsing sessions, there’s also a chance that infected apps carrying malicious ads play a significant role in the scheme.
The researchers identified five such mining websites, and at least two of them had heavy traffic, with more than 30 million visits per month. In total, the five websites reportedly saw up to 800,000 visits per day. Most users reportedly spent only a short time on these websites, but for mining, even a few minutes count, especially if millions of devices have been affected. Users would reportedly be redirected to a mining website and see a notice that their activity seemed “suspicious,” and they would be required to enter a captcha code. The notice also informed users that their device would be used for mining until they entered the captcha to prove they were human. The warning further explained that mining the Monero cryptocurrency would help the site pay for its server costs driven by bot traffic.
Mobile devices may be more vulnerable to such malicious mining campaigns because many users don’t have security apps installed or enabled and don’t use web filtering. While such software is typically present on PCs and warns users that something’s off, on mobile platforms such campaigns might go undetected. Experts are advising Android users to install security software and use web filters to avoid having their devices hijacked. At the same time, Malwarebytes also highlights that installing applications only from Google Play can significantly lower the risk of falling prey to such malicious campaigns, since apps downloaded from other sources are not guaranteed to be legitimate. Infected apps, for instance, could be available as free downloads from third-party app stores. Lending CPU power to cryptocurrency mining websites will significantly slow down the device and leave it vulnerable to further security issues.