Several Android Devices Hacked in a Cryptomining Campaign

February 14, 2018 by Bitzamp
Cryptojacking has recently become a common trend among cybercriminals. It involves hijacking people’s devices to mine Monero (XMR), relying on infected apps and on redirect notices shown to users.

Millions of Android devices were hijacked by redirecting them to a website that allowed the cybercriminals to gain control of the devices’ processors, which were then used to mine the privacy-centric cryptocurrency using Coinhive.

The hacking worked by redirecting Android users to a page telling them that their device had shown “suspicious browser behavior.” They then had to verify they were human by solving a CAPTCHA, while their device was being used to mine Monero to cover the server costs for bot traffic. Once users solve the CAPTCHA and click a “continue” button, their device will start mining Monero, while others would be redirected to Google’s homepage, which researchers consider a strange choice.

Malwarebytes identified this campaign in January 2018 but thinks it started in November 2017. The researchers came across it while investigating another malicious campaign called EITest. When investigating various malicious strings that led to fraudulent scams when using a Chrome or Internet Explorer user agent on Windows, they noticed that they were redirected to this cryptomining site when they switched to an Android device.

The post on their website reads:

“Although Android users can be redirected from normal surfing, we believe that infected applications that contain ad modules load similar strings that lead to that cryptomining page, which is unfortunately common in the Android ecosystem with so-called free apps.”

Hackers have easily managed to hijack millions of Android devices within a few months because most users fail to install security apps and do not use web filtering on their devices while surfing the internet.

Malwarebytes researchers have identified five research areas so far. Two of them had more than 30 million visits per month, and cumulative traffic in those areas was about 800,000 visits per day. According to Jerome Segura, Malwarebytes’ Senior Malware Analyst:

“We believe there are a few other areas we have met, but even this small subset is enough to give us an idea of the scope of this campaign. It’s hard to say how much it is. Given the low hash rate and limited time we spend on mining, we estimate that this program is likely to cost only a few thousand dollars a month.”

The ongoing cryptojacking trend apparently began when the torrent index website Pirate Bay began using it as a potential alternative to advertising. Since then, bad actors have used Coinhive code to mine Monero.

A few days ago it was reported that hackers had hijacked thousands of British and US government websites to generate Monero. In addition, popular websites such as YouTube, BlackBerry and Starbucks, and even the computer system of Transneft, the world’s largest Russian oil company, were hacked to mine Monero.

