Millions of Android phones are victims of cryptomining for Monero

Anti-malware software company Malwarebytes claims that millions of Android phones have already been victims of drive-by crypto mining for the Monero (XMR) currency.
Android users often don’t use web filtering or security applications on their mobile devices, which puts them at risk of malvertising and online fraud through forced redirects and Trojanized apps. Cryptomining for the Monero (XMR) currency is one of the most lucrative payloads at the moment. Malwarebytes first observed it in late January, but it appears to have started at least around November 2017.

Jérôme Segura, Lead Malware Intelligence Analyst at Malwarebytes, said: “The discovery came while we were investigating a separate malware campaign dubbed EITest in late January. We were testing various malvertising chains that often lead to tech support scams with an Internet Explorer or Chrome user-agent on Windows. However, when we switched to an Android, we were redirected via a series of hops to that crypto mining page.”

Drive-by mining is usually an automated technique, without user consent, and mostly silent. In this case, however, visitors are presented with a CAPTCHA to solve in order to prove that they aren’t bots, but rather real humans. Until the code (w3FaSO5R) is entered and you press the Continue button, your phone or tablet will be mining Monero at full speed, maxing out the device’s processor.
“We estimate that the traffic combined from the domains we identified so far equals about 800,000 visits per day, with an average time of four minutes spent on the mining page. To find out the number of hashes that would be produced, we could take a conservative hash rate of 10 h/s based on a benchmark of ARM processors.
“It is difficult to determine how much Monero currency this operation is currently yielding without knowing how many other domains (and therefore total traffic) are out there. Because of the low hash rate and the limited time spent mining, we estimate this scheme is probably only netting a few thousand dollars each month. However, as cryptocurrencies continue to gain value, this amount could easily be multiplied a few times over”, Segura added.
Malware-based miners, as well as their web-based counterparts, are booming and offering online criminals new revenue sources.