New malware has been found on Android that allegedly uses your phone to mine Monero, a form of cryptocurrency. The Malwarebytes team has identified malware affecting Android phones that lets its makers mine cryptocurrency efficiently.
While Malwarebytes was investigating another malware campaign affecting Windows and Chrome that tricked users into a tech support scam, they thought of testing the same on Android. To their surprise, they found that it affected those devices as well, through a chain of redirecting URLs that all led to a crypto mining page.
Android has always been a target platform for malware. Even downloading a sketchy app from the Play Store can easily lead to a malicious script running on your Android device. That script can take many forms over the course of mobile usage, but the most frequent one is a warning message along with a captcha code.
It seems that those behind this malware also chose the classic ‘warning message along with a captcha’ method. The malware shows a warning message with an ‘OK’ button and then shows the captcha. Users who are not very tech-savvy take it seriously and go on to fill in the captcha. Passing through a captcha takes time, and that is what the creators of this malware take advantage of.
Until you complete the captcha, the website open on the Android phone keeps mining Monero. Mining Monero on your device can make them rich, but it can also cause an array of problems for you. Their getting rich is not the point, though: mining on a mobile device causes excessive CPU usage, which can then lead to degradation of the battery and the CPU itself. Ultimately, this malware can destroy your Android-powered device.
According to Malwarebytes’ reports, this malware is relatively new, with its first domain registered in November 2017 and a successive domain registered almost a month ago. They also reported that the domains on which this malware operates collectively receive more than 800,000 visitors per day! The average time a visitor spends on any one of its domains is about 4 minutes.
It is certain, though, that those hackers are not making more than a couple of thousand bucks, as the cryptocurrency Monero doesn’t hold that much value in the market as of now. However, if this malware lives longer and Monero prices rise, it will probably be a golden day for those hackers. In the wake of this, Malwarebytes also issued an official statement to raise user awareness of the dangers of cryptojacking. Here’s what they said:
“Forced crypto mining is now also affecting mobile phones and tablets en masse—not only via Trojanized apps but also via redirects and pop-unders…While these platforms are less powerful than their Desktop counterparts, there is also a greater number of them out there…We strongly advise users to run the same security tools they have on their PC on their mobile devices…because unwanted crypto mining is not only a nuisance but can also cause permanent damage.”
Tips to save your phone from being a victim:
As soon as you see a fishy warning message in your browser, close that tab.
Restore your phone to the factory defaults once every two months.
That’s all you can do to save yourself.
The reason the Android ecosystem is always a victim of such malware is the lack of security updates. At present, only some big brands like Google provide regular security updates for their devices, and even then only for their latest flagships. The rest receive updates once every two years, except for the Pixel series.
Now imagine having your Android device connected to a plethora of IoT devices in your home. If malware can mine Monero using your phone this easily, it can also get access to your personal data, which could even be related to your overall security. That’s when you decide to switch to the iOS operating system, because it is not only more secure and less prone to malware but versatile as well.
Additionally, it takes a fortune to build malware for iOS devices, accounting for all the resources you need to develop it. Moving on, cryptojacking is not a new concept. Several websites have mined, and are still mining, cryptocurrencies with or without the consent of their users. They use the CPU of the viewer’s computer to mine those currencies. While Android phones aren’t that powerful, PCs and Macs can prove a fortune for such websites, that is, if they ever manage to gain that amount of viewership. Cryptojacking can be detected by hiked CPU usage. But who would prefer to keep a CPU monitoring window open at all times while browsing their favorite celebs on the internet?
A very recent example is PirateBay, which mined Bitcoin without the consent of its visitors. When extremely tech-savvy users noticed a hike in their CPU usage, they confronted PirateBay’s authorities, and legal action was later taken against PirateBay.
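Spotting the CPU hike described above does not require keeping a monitoring window open. The following added example (not from the original article or from Malwarebytes) flags any process that holds high CPU for a sustained period, which is the pattern a mining page produces while a tab stays open. The sample readings, the com.example.mail process name, the 30-second interval and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed samples: (seconds since start, process name, CPU %), as a
# per-process monitor might record every 30 s. Not taken from a real device.
SAMPLES = [
    (0, "com.android.chrome", 12.0), (0, "com.example.mail", 3.0),
    (30, "com.android.chrome", 91.0), (30, "com.example.mail", 2.0),
    (60, "com.android.chrome", 94.5), (60, "com.example.mail", 55.0),
    (90, "com.android.chrome", 96.0), (90, "com.example.mail", 4.0),
    (120, "com.android.chrome", 93.0), (120, "com.example.mail", 3.5),
    (150, "com.android.chrome", 95.0), (150, "com.example.mail", 2.0),
    (180, "com.android.chrome", 8.0), (180, "com.example.mail", 2.5),
]


def sustained_cpu_runs(samples, threshold=80.0, min_seconds=90):
    """Return (process, start, end, mean_cpu) for every run where a process
    stayed at or above `threshold` percent for at least `min_seconds`."""
    by_proc = defaultdict(list)
    for ts, proc, cpu in sorted(samples):
        by_proc[proc].append((ts, cpu))

    alerts = []
    for proc, series in by_proc.items():
        run = []  # consecutive samples at or above the threshold
        # The sentinel below the threshold flushes a run that reaches the end.
        for ts, cpu in series + [(None, -1.0)]:
            if cpu >= threshold:
                run.append((ts, cpu))
                continue
            if run and run[-1][0] - run[0][0] >= min_seconds:
                mean = sum(c for _, c in run) / len(run)
                alerts.append((proc, run[0][0], run[-1][0], round(mean, 1)))
            run = []
    return alerts


if __name__ == "__main__":
    for proc, start, end, mean in sustained_cpu_runs(SAMPLES):
        print(f"ALERT {proc}: {mean}% CPU from t={start}s to t={end}s")
```

A short spike, like the single 55% reading for the mail process, is ignored; only load that persists across the minimum window is reported.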