Millions of Android users could be at risk of having their mobile devices hijacked by “drive-by” cryptominers, according to research by MalwareBytes Lead Malware Intelligence Analyst Jerome Segura.
“Drive-by” cryptomining on a mobile device is functionally identical to that received previous warnings from Malwarebytes involving desktop PCs. By redirecting web traffic to a specific address, a device’s capabilities are hijacked by a bit of JavaScript code and harnessed to mine the cryptocurrency Monero. While this may seem like a relatively harmless — if ethically questionable — way of utilizing otherwise unused resources to generate wealth, the process that hijacks your device ratchets the CPU’s functions up to 100 percent and keeps them there. If kept up for long enough, this sort of constant usage can heavily damage a smartphone’s internal components, leading to potentially expensive repairs — or worse, a whole new device. Additionally, this process takes place without consent, raising concerns over user privacy.
As with desktop drive-by cryptomining, victims can fall prey when visiting websites. According to Malwarebyte’s blog, the site usually flashes up a warning message, and asks the user to prove they’re human by entering a certain code, adding that until the code is entered the website will use the device to mine for cryptocurrency. The page claims that the warning is a countermeasure against bots, but since the code doesn’t seem to be randomized and is hard-wired into the website, it would be unlikely to be a good deterrent. In addition, once the code has been entered, the website redirects the user to Google’s homepage — not usual behavior following a captcha test.
While this issue is tied to specific webpages (a few of which Malwarebytes has identified, but the list is nowhere near complete), it’s also possible for the drive-by to affect users by way of infected ads. This is especially common, according to the blog post, in the case of certain free apps within the Android ecosystem, where a displayed ad will connect the user to the chain needed to eventually connect the device to the cryptomining page. So it’s easily possible to be infected without realizing it.
If all this sounds scary, there’s a simple way to stay safe. Malwarebytes’ blog obviously recommends that you download the Malwarebytes app to gain some security, and while that may be a good idea, there are also loads of other useful anti-virus and anti-malware apps out there that should help you keep safe in cyberspace — here’s a list of our favorites.
