Sketchy websites are hijacking your smartphone to mine cryptocurrency

Cryptojacking is a growing problem and it’s starting to become one of the biggest computer threats out there. With the current cryptocurrency explosion, this new kind of profit-generating practice is quickly spreading.

While cryptomining is a completely legal way to earn cryptocurrencies, cryptojacking is another story. It’s a new scheme by cybercriminals to profit off your gadget without your knowledge.

Since this practice can lead to higher energy bills, overworked gadgets and even burned out phones, cryptojacking is the latest security threat you need to keep your eye on.

What is cryptojacking?

Cryptojacking is a new method for hackers to generate revenue for themselves at your expense.

Since cryptomining consumes tons of electrical energy, fraudsters love outsourcing this activity to others. Instead of putting up server farms dedicated to cryptomining, they would rather steal your computing resources to do the heavy lifting for them.

They can do this by installing cryptomining malware secretly on your phone or computer. Think of it as similar to a botnet, except it’s used for mining cryptos like Bitcoin or Monero instead of performing denial of service attacks.

Fraudsters can also inject websites with cryptomining malware, then redirect or trick users into visiting them.

And this is exactly what’s happening with this latest scheme to hijack Android phones with cryptomining software.

Drive-by cryptojacking

Security researchers from Malwarebytes recently spotted another type of cryptojacking malware that resides in specially designed websites.

Instead of tricking victims into installing cryptojacking malware, this new scheme occurs within a browser page. Victims are being redirected to these pages via links or by malicious ads (also known as malvertising).

Note: This type of attack is known as “drive-by malware.” This means you don’t even have to actively download or install anything to get infected. All that’s required is for you to visit a poisoned website. Attacks like this usually exploit vulnerabilities in browser technologies like Flash or JavaScript.

According to Malwarebytes, this new browser-based cryptojacker mines for the cryptocurrency Monero and the redirects are specifically targeting Android gadgets.
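An added example, not part of the original article or the Malwarebytes report: a static heuristic that scores a page's inline scripts for traits in-browser miners commonly show (WebAssembly hashing code, one worker per CPU core, a WebSocket to a pool). The indicator list, weights, threshold and both sample pages are assumptions constructed for illustration.

```javascript
// Added example: score page source for generic in-browser mining traits.
// Indicators and weights are assumptions, not values from the Malwarebytes report.
const INDICATORS = [
  { name: "wasm", weight: 2, re: /WebAssembly\.(instantiate|instantiateStreaming|compile)\b/ },
  { name: "workers-per-core", weight: 2, re: /navigator\.hardwareConcurrency/ },
  { name: "worker", weight: 1, re: /new\s+Worker\s*\(/ },
  { name: "websocket", weight: 1, re: /new\s+WebSocket\s*\(\s*["']wss?:\/\// },
  { name: "mining-terms", weight: 3, re: /\b(cryptonight|stratum\+tcp|hashesPerSecond)\b/i },
];

// Split a page into inline script bodies and external script URLs.
function extractScripts(html) {
  const inline = [], external = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (src) external.push(src[1]);
    if (m[2].trim()) inline.push(m[2]);
  }
  return { inline, external };
}

// Sum the weights of every indicator found in the inline code.
function scorePage(html, threshold = 4) {
  const { inline, external } = extractScripts(html);
  const code = inline.join("\n");
  const matched = INDICATORS.filter((i) => i.re.test(code));
  const score = matched.reduce((sum, i) => sum + i.weight, 0);
  return { score, hits: matched.map((i) => i.name), external, suspicious: score >= threshold };
}

// Constructed sample: non-functional skeleton showing the traits only.
const MINER_PAGE = `<html><body><p>Enter the code to continue</p>
<script src="https://miner.example/lib.js"></script>
<script>
  const n = navigator.hardwareConcurrency || 4;
  for (let i = 0; i < n; i++) new Worker("w.js");
  const ws = new WebSocket("wss://pool.example/proxy");
  WebAssembly.instantiate(bytes, {}); // cryptonight hash core
</script></body></html>`;

// Constructed sample: an ordinary page that only opens a chat socket.
const BENIGN_PAGE = `<html><body><script>
  const ws = new WebSocket("wss://chat.example/live");
</script></body></html>`;

console.log(scorePage(MINER_PAGE));
console.log(scorePage(BENIGN_PAGE));
```

External script URLs are returned rather than fetched, so they can be reviewed separately; a page that loads all of its mining code from another host will score low on inline content alone.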

Methods of infection

It is likely that the redirect malware comes from fake Android apps posing as the real thing. These fake apps are actually part of malvertising campaigns and they are usually found in third-party app stores.

“While Android users may be redirected from regular browsing, we believe that infected apps containing ad modules are loading similar chains leading to this cryptomining page. This is unfortunately common in the Android ecosystem, especially with so-called “free” apps,” Malwarebytes explained.

This particular campaign was first spotted in January but Malwarebytes said that it has been active since November. It has redirected millions of Android users since.

It’s interesting how this cryptojacking attack is done, though. Victims are first presented with a simple CAPTCHA to prove that they’re humans and not bots. The message says unless you enter the correct CAPTCHA code, your browser will continue mining Monero for the website.

Based on the average time a victim spends on the poisoned website, which is four minutes, and the number of visits a day, which is around 800,000, the campaign could be earning its authors a few thousand worth of Monero each month.

Signs that your gadget has been cryptojacked

Cryptojacking software is meant to run in the background without being detected but there are tell-tale signs that your gadget has been victimized.

First, you may notice slower than usual internet connections and slower performance. Since cryptomining uses your gadget’s processing cycles, it consumes more energy, so you’ll notice a shorter battery life and a gadget that runs warmer than usual.

In fact, cryptojacking can overwork a smartphone so excessively that it can literally burn it to the ground.

How to protect yourself against drive-by cryptominers?

As usual, beware of installing applications straight off the web instead of from the official Google Play Store. Also, look out for surprise app permission requests that might pop up, and never grant them!

Stay away from questionable websites and if you happen to click on an ad banner, watch out for software that it might install.

Make sure you enable Android’s real-time security program, Google Play Protect. It certainly will be a huge help in containing malicious apps before they can cause damage.

In other news, another Android cryptojacker, ADB.Miner, is also making the rounds

This is not the only active cryptojacking campaign right now; a new type of malware called ADB.Miner is also spreading.
