Skip to main content

Report: Millions of Android users have had their phone hijacked for cryptocurrency mining

You would have had to live under a rock for the past several months in order to skip the non-stop talks about cryptocurrency this year. Massive spikes in Bitcoin value triggered a lot of people to check out cryptocurrency, and it also triggered new methods on monetizing websites…

Recently, a trend has emerged with websites using the power of their users’ computers to mine cryptocurrency with their “unused computing power.” It’s a cool idea, but it can be a bit sketchy if the user isn’t aware.

According to a recent post by MalwareBytes, quite a lot of Android users have been affected by a site that does this exact same thing. The “drive-by” campaign works by redirecting Android users to a website that hijacks their device for the purpose of mining the cryptocurrency Moreno, similar to an attack we saw on YouTube recently.

MalwareBytes doesn’t have a specific number for how many users have been affected by this, but it estimates that two of the sites that played a role had at least 30 million visits each month. Further, the combined domains generated over 800,000 visits daily.

We estimate that the traffic combined from the domains we identified so far equals to about 800,000 visits per day, with an average time of four minutes spent on the mining page. To find out the number of hashes that would be produced, we could take a conservative hash rate of 10 h/s based on a benchmarkof ARM processors.

The websites doing this weren’t exactly subtle either. Apparently, they displayed a message saying that your device is “showing suspicious activity” and requires a captcha code to stop the mining. It says that it was doing this to “recover server costs from bot traffic.”

It’s also unclear how much cryptocurrency has been generated by this. Even though most users only spent an average of about 4 minutes on those pages, that still adds up to a lot of mining time.

Attacks like these probably won’t be stopping anytime soon, so MalwareBytes recommends that you run tools on your phone, like the company’s own Android app to fend against this sort of behavior.


Check out 9to5Google on YouTube for more news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel