Malware Targets and Hijacks Millions of Android Devices to Mine Monero

Cybercriminals are increasingly hijacking other people’s devices to mine Monero (XMR), a trend now called cryptojacking. According to Malwarebytes, a “drive-by” mining campaign recently redirected millions of Android users to a website that hijacked their devices to mine the privacy-centric cryptocurrency using Coinhive.

The campaign worked by redirecting users to a page that told them their device was “showing suspicious surfing behavior.” As such, they needed to verify they were human by solving a CAPTCHA, while their device was used to mine Monero “in order to recover server costs incurred by bot traffic.”

All users had to do was solve the CAPTCHA and click a “continue” button. Once solved, they would be redirected to Google’s home page, which researchers noted was an odd choice. Malwarebytes details that it first spotted the “drive-by” campaign last month, but that it could’ve been around since November 2017. The exact trigger that captured users isn’t clear, but researchers believe infected apps with malicious ads did the trick.

Their post reads:

“While Android users may be redirected from regular browsing, we believe that infected apps containing ad modules are loading similar chains leading to this cryptomining page. This is unfortunately common in the Android ecosystem, especially with so-called “free” apps.”