Skip to main content
  1. Home
  2. Mobile
  3. News

Millions of Android users are at risk from ‘drive-by’ cryptomining

By
virus phone
Image used with permission by copyright holder

Millions of Android users could be at risk of having their mobile devices hijacked by “drive-by” cryptominers, according to research by MalwareBytes Lead Malware Intelligence Analyst Jerome Segura.

“Drive-by” cryptomining on a mobile device is functionally identical to that received previous warnings from Malwarebytes involving desktop PCs. By redirecting web traffic to a specific address, a device’s capabilities are hijacked by a bit of JavaScript code and harnessed to mine the cryptocurrency Monero. While this may seem like a relatively harmless — if ethically questionable — way of utilizing otherwise unused resources to generate wealth, the process that hijacks your device ratchets the CPU’s functions up to 100 percent and keeps them there. If kept up for long enough, this sort of constant usage can heavily damage a smartphone’s internal components, leading to potentially expensive repairs — or worse, a whole new device. Additionally, this process takes place without consent, raising concerns over user privacy.

Recommended Videos

As with desktop drive-by cryptomining, victims can fall prey when visiting websites. According to Malwarebyte’s blog, the site usually flashes up a warning message, and asks the user to prove they’re human by entering a certain code, adding that until the code is entered the website will use the device to mine for cryptocurrency. The page claims that the warning is a countermeasure against bots, but since the code doesn’t seem to be randomized and is hard-wired into the website, it would be unlikely to be a good deterrent. In addition, once the code has been entered, the website redirects the user to Google’s homepage — not usual behavior following a captcha test.

Malwarebytes
Malwarebytes
Please enable Javascript to view this content

While this issue is tied to specific webpages (a few of which Malwarebytes has identified, but the list is nowhere near complete), it’s also possible for the drive-by to affect users by way of infected ads. This is especially common, according to the blog post, in the case of certain free apps within the Android ecosystem, where a displayed ad will connect the user to the chain needed to eventually connect the device to the cryptomining page. So it’s easily possible to be infected without realizing it.

If all this sounds scary, there’s a simple way to stay safe. Malwarebytes’ blog obviously recommends that you download the Malwarebytes app to gain some security, and while that may be a good idea, there are also loads of other useful anti-virus and anti-malware apps out there that should help you keep safe in cyberspace — here’s a list of our favorites.

Editors’ Recommendations

Topics
Mark Jansen
Mark Jansen
Mobile Evergreen Editor
Mark Jansen is an avid follower of everything that beeps, bloops, or makes pretty lights. He has a degree in Ancient &…
Android 15 will give your phone an important new security feature
Android 15 logo on a Google Pixel 8.

Google is introducing a security feature in Android 15 to guard against "juice jacking" attacks, as reported by Android Authority, The new feature is currently being tested in the Android 15 beta.

Wondering what a "juice jacking" attack is? It describes an event where a hacker secretly sends data payloads to your device, should it have the ability to both charge and transfer data over the same USB connection. This includes most modern smartphones, and examples of hardware used for juice jacking include mobile charging stations. Should the attack be successful, hackers could compromise the device, wreak havoc, and endanger your privacy.

Read more
If you have one of these apps on your Android phone, delete it immediately
The app drawer on the Google Pixel 8 Pro.

The NSO Group raised security alarms this week, and once again, it’s the devastatingly powerful Pegasus malware that was deployed in Jordan to spy on journalists and activists. While that’s a high-profile case that entailed Apple filing a lawsuit against NSO Group, there’s a whole world of seemingly innocuous Android apps that are harvesting sensitive data from an average person’s phone.
The security experts at ESET have spotted at least 12 Android apps, most of which are disguised as chat apps, that actually plant a Trojan on the phone and then steal details such as call logs and messages, remotely gain control of the camera, and even extract chat details from end-to-end encrypted platforms such as WhatsApp.
The apps in question are YohooTalk, TikTalk, Privee Talk, MeetMe, Nidus, GlowChat, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, Hello Chat, and Wave Chat. Needless to say, if you have any of these apps installed on your devices, delete them immediately.
Notably, six of these apps were available on the Google Play Store, raising the risk stakes as users flock here, putting their faith in the security protocols put in place by Google. A remote access trojan (RAT) named Vajra Spy is at the center of these app's espionage activities.

A chat app doing serious damage

Read more
Samsung just killed one of its most important Android phones
Galaxy Fold open.

Today marks a milestone in the era of foldable smartphones as Samsung officially puts its legendary first-generation Galaxy Fold out to pasture.

After four years on the market, the original Galaxy Fold will no longer receive regular security updates. To be fair, the first Fold was already living on borrowed time, as it was left out of last year’s Android 13 update. However, when Samsung launched the expensive foldable, it promised a full four years of security updates for the device.

Read more