The process of “mining” virtual currency requires a large computing power. This is why the trend has arisen where hackers hijacked victims’ computers for mining, with malware or scripts tucked into websites.
The more computers hijacked, the greater the collective resources for the process.
Later, this kind of incident widened also into the realm of mobile gadgets. Malwarebytes mobile security firm revealed a large-scale attack specifically targeting Android smartphones .
The hackers involved using the redirect advertising method to switch mobile browsers on mobile devices to multiple sites contain Monero (XMR) virtual currency monitors. The number of CPU utilization indicating the use of processor by mining process also jumped.
Surprisingly, the site of the virtual currency miner was frank about using Android device visitors alias redirect victims to do the mining. The site then asks the victim to enter a captcha to prove that the victim is not a “bot”.
After entering captcha, the victim will be redirected back to Google homepage. While not entering this captcha, the site will continue to use the victim’s device resources to the maximum to mine the virtual money (cryptomining).
The method hackers use to redirect is not known exactly, but it allegedly involves a malware-infected application that is downloaded to the victim’s device, to then display ads to the mining site.
In his report, Malwarebytes explained the average of these diverted victims spent four minutes on these mining sites. The site initially loaded as a pop-under so the victim did not immediately realize what was going on.
Although each mobile device is only siphoned resources for mining for minutes, the number of mobile phones that become victims of a lot. The amount of traffic to these mining sites is estimated to be around 800,000 per day. Thus, the estimated number of victims has reached millions.
“Mobile devices may not be as strong as desktop computers, but there are more,” Malware analyst Jerome Segura said in a statement .
This large-scale “cryptomining” attack could result in a large-value virtual currency for the hacker group of the culprit. Smominru’s malware miner who targets the Windows operating system with EternalBlue exploit, for example, is estimated to have managed to mine a virtual currency worth 3.6 million US dollars.
Hacker operations targeting Android devices via redirect to mining sites are estimated to have been running since November last year, but only began to be widely known in January this year.
In order not to be a victim, Malwarebytes advises mobile device users to install ad-blocker and other security applications.