If you were optimistic enough to believe that Android’s malware plague couldn’t get any worse, I have some bad news for you. This week, the team behind anti-malware software Malwarebytes reported on a new strain of malware that is redirecting Android owners to pages that use the device’s processing power to mine for cryptocurrency.
Malwarebytes first discovered the malware when investigating a separate campaign late last month. Specifically, the team was testing a malvertising chain on Windows and Chrome that would lead to tech support scams, but when they tested the same chain on Android, they were “redirected via a series of hops to that cryptomining page.”
The page in question features a warning message and a CAPTCHA code. Until the user enters the code, the website keeps mining the Monero cryptocurrency (XMR) at full speed. Malwarebytes found several identical domains, all of which use the same CAPTCHA code. The first was registered in November 2017, while the latest of the five domains they found (of which there may be many more) was registered less than a month ago.
Malwarebytes estimates that the five domains it identified receive around 800,000 visits per day, with visitors spending an average of four minutes on the site. It’s impossible to determine how much money this nets the crypto-miners, but the team estimates that they are only taking in a few thousand dollars a month. And yet, as Malwarebytes notes, the unpredictable fluctuation of cryptocurrencies means that the profit could increase exponentially overnight.
“Forced cryptomining is now also affecting mobile phones and tablets en masse—not only via Trojanized apps, but also via redirects and pop-unders,” the team concludes. “While these platforms are less powerful than their Desktop counterparts, there is also a greater number of them out there.”
“We strongly advise users to run the same security tools they have on their PC on their mobile devices,” the team warns, “because unwanted cryptomining is not only a nuisance but can also cause permanent damage.”