Skip to main content
  1. Home
  2. Mobile
  3. News

Millions of Android users are at risk from ‘drive-by’ cryptomining

By
virus phone

Millions of Android users could be at risk of having their mobile devices hijacked by “drive-by” cryptominers, according to research by MalwareBytes Lead Malware Intelligence Analyst Jerome Segura.

“Drive-by” cryptomining on a mobile device is functionally identical to that received previous warnings from Malwarebytes involving desktop PCs. By redirecting web traffic to a specific address, a device’s capabilities are hijacked by a bit of JavaScript code and harnessed to mine the cryptocurrency Monero. While this may seem like a relatively harmless — if ethically questionable — way of utilizing otherwise unused resources to generate wealth, the process that hijacks your device ratchets the CPU’s functions up to 100 percent and keeps them there. If kept up for long enough, this sort of constant usage can heavily damage a smartphone’s internal components, leading to potentially expensive repairs — or worse, a whole new device. Additionally, this process takes place without consent, raising concerns over user privacy.

Recommended Videos

As with desktop drive-by cryptomining, victims can fall prey when visiting websites. According to Malwarebyte’s blog, the site usually flashes up a warning message, and asks the user to prove they’re human by entering a certain code, adding that until the code is entered the website will use the device to mine for cryptocurrency. The page claims that the warning is a countermeasure against bots, but since the code doesn’t seem to be randomized and is hard-wired into the website, it would be unlikely to be a good deterrent. In addition, once the code has been entered, the website redirects the user to Google’s homepage — not usual behavior following a captcha test.

Malwarebytes
Malwarebytes
Related

While this issue is tied to specific webpages (a few of which Malwarebytes has identified, but the list is nowhere near complete), it’s also possible for the drive-by to affect users by way of infected ads. This is especially common, according to the blog post, in the case of certain free apps within the Android ecosystem, where a displayed ad will connect the user to the chain needed to eventually connect the device to the cryptomining page. So it’s easily possible to be infected without realizing it.

If all this sounds scary, there’s a simple way to stay safe. Malwarebytes’ blog obviously recommends that you download the Malwarebytes app to gain some security, and while that may be a good idea, there are also loads of other useful anti-virus and anti-malware apps out there that should help you keep safe in cyberspace — here’s a list of our favorites.

Editors’ Recommendations

Topics
Mark Jansen
Mark Jansen
Contributor
Mark Jansen is an avid follower of everything that beeps, bloops, or makes pretty lights. He has a degree in Ancient &…
You can finally move your WhatsApp chats from Android to iOS
WhatsApp and Telegram app icons.

Moving WhatsApp chats from Android to iOS has been a painful task for years. But not anymore, as Apple and WhatsApp have made the process a whole lot easier. Starting today, Apple is adding a feature that allows you to move chats between the two platforms. The feature is a part of Apple’s existing “Move to iOS” Android application. It’s worth noting that the feature is currently available for beta users only, so non-beta users might have to wait for a week or two as it's rolled out in phases.

This is a big move since 2 million people use WhatsApp and, until now, there wasn’t an official method to move conversations between Android and iOS. There have been third-party solutions here and there, but nothing officially backed by Apple or WhatsApp. With the feature becoming available, users will be able to move their chats swiftly from Android to iOS.

Read more
Samsung saved your phone from a nasty security problem
Galaxy S22 Ultra and S21 Ultra camera modules.

Mobile security company Kryptowire published a blog post detailing a security breach it identified in Android 9, 10, 11, and 12 on Samsung smartphones earlier this year. The issue it found had serious consequences should a device be affected, and the company contacted Samsung. To its credit, Samsung reacted quickly to the problem and pushed its February 2022 security update out to remedy the issue.

Kryptowire's post detailing the problem is highly technical, but it serves as a good reminder of how important continued security updates are on Android devices. While most Samsung device owners have likely already protected themselves by downloading the security update, those without auto-updates turned on should make sure to bring their device up to date as soon as possible. On your Samsung phone, go to Settings>Software Update, and select Download and Install to check for any outstanding software updates. Then go back and turn Auto Download over Wi-Fi on.

Read more
Apple finally makes it harder to stalk Android users with its new Tracker Detect app
Apple Airtag in different polyurethane and leather key rings and loops

Apple has announced and released a new AirTags tracker app for Android called Tracker Detect. This has been done to resolve one of the privacy issues inadvertently introduced with AirTags earlier this year -- the ability to track someone without their knowledge. Once it was installed and a scan was initiated, the app was able to highlight unknown AirTag trackers nearby, essentially revealing the location of strangers and opening the door for planting an AirTag on someone without their knowledge to keep tabs on them.

AirTags were released earlier in the year as a rival to Tile and other Bluetooth trackers. They leveraged Apple's Find My network to help users track lost items by communicating with a combination of Bluetooth and Ultra Wideband. Unlike Tile trackers, they could also be used to geolocate lost items. However, AirTags also came with an unintended consequence: They could allow people to be tracked without their knowledge by simply tagging their clothes or personal property. Apple users would be protected against it as an iPhone running iOS 15 would be able to detect that an unknown AirTag was found moving with you, but that was not an option for Android devices.

Read more