50 Million Android Users Hit By Cryptocurrency Miner

Malvertising is a problem. Malicious encryption extraction software is a problem. Put them together and you have a very big problem.

A new malicious ad campaign targets Android users, forcing their phones to extract cryptocurrencies as long as they can hold them in a shady place. The good news is that fraud is easy to avoid; The bad news is that if you are a victim, it could permanently damage your phone.


Malwarebytes Labs, a security firm based in Santa Clara, California, discovered the plan and wrote about it on the company's blog. According to security researcher Jerome Segura, the attack is an example of "mining in progress," in which a criminal exploits a device to briefly extract crypto-swaps (in this case Monero or XMR).

Although Malwarebytes did not specify which websites might contain the dangerous ads in question, at least one of them should be very popular. Dr. Augustine Fou, who worked with Malwarebytes, discovered that more than 60 million visitors visited malicious domains and spent an average of four minutes on the site. This is probably worth a few thousand dollars in Monero, and many Android processors are overloaded.

What's the worst thing that can happen?
Since the website only uses your phone for a minute and leaves no trace on your phone, it seems relatively harmless. However, cryptocurrency extraction is a high-performance operation even on a gaming platform; On an Android phone, this can be a death sentence. The Monero Mining feature operates the phone's processor at 100% indeterminate, which can overheat the chip. If not selected, you can block the entire phone or, more specifically, melt some of it.

In other words, running the site for a minute or two at a time is pretty bad, but imagine what would happen if you did not notice the ad or if you accidentally forgot to close it or you You are away from your phone.

How to protect yourself
The best way to prevent this page from compromising your phone is to run a set of Android antivirus programs. (Malwarebytes recommends its own software for mobile devices, but any useful program blocks unwanted pop-under ads.)

If you do not use an Android AV program, you can not necessarily "avoid" the attack (malicious advertising is so insidious because it can appear on the normally safe pages that you use every day), but it can mitigate the damage done. Once the page is displayed, immediately close your browser and tell the site that you're using a dangerous ad.

MORE: Best Android Antivirus - Top Free and Paid Mobile Security

How the attack works
This is how the attack works: First, a user on a website finds a harmful ad that would otherwise be legitimate. The announcement determines which browser is running and which operating system is displayed as an extension. If the ad detects Android, the user is redirected to a malicious page that indicates the phone has suspicious browser behavior. Users must enter a captcha to "check themselves as humans".

You've seen pages with similar shadows when you've spent time in an Android browser, but it's got something to do: It notes that until the captcha completes, users will see the Cryptocurrency (sic) Monero for bot traffic. "

Of course, the part about restoring server costs is absurd, but cryptocurrency extraction is not. While the user stays on the page, the website uses the processor of the phone to extract Monero. Interestingly, as soon as the user enters Captcha and presses Continue, he redirects to Google and interrupts his mining operations. It does not seem to steal personal information.

A worrying precedent
This particular cryptocurrency mining scam is easy to defeat, but it still creates a worrying precedent. If cryptocurrency miners can spread through malicious advertising, it's not easy to protect themselves from them. And if a really smart person finds a way to run without you realizing it, your phone could be physically in ruins before you have a chance to approach it.

In the event that you have an Android phone, it is best to run a set of antivirus programs that prevent many things from stopping before they reach the screen. And if you're really interested in cryptocurrency mining, I have an amazing bridge for sale in Brooklyn that might interest you too.