Millions of Android devices have been redirected to a webpage that maxes out smartphone processors in order to mine the Monero cryptocurrency.
The details of this campaign were detailed by Malwarebytes on its company blog. Malwarebytes believes the campaign started in November 2017. It directs mobile users —it’s believed to target Android users — to a webpage that claims a user’s device is “showing suspicious surfing behavior.”
Users are then presented with a CAPTCHA to prove they’re not bots. As Malwarebytes explains, “Until the code is entered and you press the Continue button, your phone or tablet will be mining Monero at full speed, maxing out the device’s processor.”
Malwarebytes believe this web browsing redirection is likely caused by infected apps. As the company notes, “This is unfortunately common in the Android ecosystem, especially with so-called ‘free’ apps.”
iOS devices, while not completely virus- or malware-proof, tend to have less of these issues, due to Apple’s complete control over its official App Store and the difficulty users have in installing apps from other sources.
Without getting too deep into the often-confusing details of cryptocurrency mining, we’ll just say that cryptocurrencies need computing power to exist. While most cryptocurrencies are mined on dedicated servers — or computer space allotted for mining. But with the booming popularity of cryptocurrencies and the need for power, it’s no surprise that cryptomining malware, designed to use the computers and smartphones of unaware users, is becoming more of an issue. And this is probably only the beginning.
[Apps aren’t the only place you’ll find malware. Check out these Six Plug-Ins For Added Chrome Security.]
Malwarebytes recommends downloading trusted security tools (like malware blockers) for your mobile phone — not just your PC. While that’s a good tip, we’d also recommend avoiding suspicious apps and webpages in the first place. Android users should download apps from trusted developers in Google’s own Google Play store, and we’d also recommend taking a look at Google Play Protect, which scans your device, data, and apps for security issues.