Notebookcheck Logo

First large scale mobile mining malware hits millions of Android users

A new Android exploit has users unwittingly mining for Monero. (Source: Malwarebytes)
A new Android exploit has users unwittingly mining for Monero. (Source: Malwarebytes)
"Millions" of Android users have been affected by a cryptocurrency malware exploit, according to researchers at Malwarebytes. Users are redirected to a website that hijacks their device and mines for the Monero cryptocurrency.

The latest to malware to hit Android users is a “drive-by” mining attack that directs users to a malicious website which then hijacks their smartphone hardware to mine the Monero cryptocurrency. Uncovered by researchers at Malewarebytes, the exploit has affected millions of Android users. The attack mines the cryptocurrency in the background of the user’s browser of choice, maxing out the CPU in the process.

Malewarebytes says it first observed the campaign in late January, but then traced back the activity to November. Although not fully certain how the exploit works, the researchers believe that mobile advertising infected with malware could be causing the redirects to the cryptomining site. Unusually, the affected users are then presented with a warning requiring them to enter a captcha code. When entered, the mining stops; however, until then, the affected smartphones are being utilized for every thread they are able to process.

The Malewarebytes team recommend that Android users run web filtering and other security software on their devices to avoid such attacks. Android has many pluses, but its open source nature can leave it much more vulnerable to exploits making it equally attractive to users and hackers alike.

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2018 02 > First large scale mobile mining malware hits millions of Android users
Sanjiv Sathiah, 2018-02-14 (Update: 2018-02-14)