Holiday VPN Deals
Home  »  Learn  »  Online Safety  »  Mining Malware

Is Cryptocurrency "Mining Malware" the New Ransomware? Your smartphone could be hi-jacked by Bitcoin-seeking cybercrooks.

Your smartphone could be hi-jacked by Bitcoin-seeking cybercrooks
 Share the knowledge!

Since Bitcoin's high-profile year, the increasing popularity and real-world significance of cryptocurrencies has drawn the attention of cyber criminals and dramatically changed the threat landscape.

Drive-by mining is an automated, silent and platform-agnostic technique that forces visitors to a website to mine for cryptocurrency.

Malware-based miners are providing online criminals new revenue sources through forced crypto-mining on mobile phones and tablets. While far less powerful than a PC, there are billions of smartphones that can easily fall prey to illicit mining via "Trojanized" apps, redirects and pop-unders.

In 2017, Kapersky Lab researchers identified Loapi, a Trojan malware with several (and possibly endless) malicious features owing to its modular architecture, which includes adware module, SMS module, web crawler module, proxy module and notably, Monero miner module. Monero is a newer type of digital currency that's less resource-intensive than Bitcoin and other cryptocurrencies. The mining module generates new coins by leaching the electricity and hardware of the infected phone. Ironically, the malware creates such heavy workload on the infected device that it heats it up causing serious and permanent damage.

In recent months, a piece of Android malware was discovered carrying a secret and aggressive cryptocurrency miner that can physically damage an infected phone.

Malwarebytes first discovered the malware while the team was testing a malvertising chain on Windows and Chrome that would lead to tech support scams. When they tested the same chain on Android, they were "redirected via a series of hops to that crypto-mining page."

The page features a warning message and a CAPTCHA code that users need to enter, otherwise, the website will proceed to mine Monero cryptocurrency (XMR) at full speed. Malwarebytes found several identical domains, all of which use the same CAPTCHA code, registered as early as November 2017 — the latest five domains however, were more recent. It's estimated that the five domains receive around 800,000 visits per day, with visitors spending an average of four minutes on the site. The team puts the ballpark revenue at a few thousand dollars a month but given the volatility of cryptocurrencies, the profit could exponentially grow overnight.

This phenomenon isn't limited to Android devices, no matter how fanatic Apple defenders are about their phone's security features. Security firm SentinelOne revealed that a third piece of Mac malware (following OSX.Mami and OSX.CrossRAT) was being spread via hack of the MacUpdate site. The Mac Trojan, OSX.Creative Update, also harnesses CPU power to surreptitiously mine Monero.

Despite the above-mentioned hack of a trusted site, sticking to official websites to download applications still applies as a rule of thumb. Keeping your software up-to-date and using appropriate antivirus software, same way you would safeguard your PC, would greatly reduce the risks of cryptocurrency mining operation attacks on your mobile device.

Related Articles