Skip to main content

Millions of Android users are at risk from ‘drive-by’ cryptomining

virus phone
Image used with permission by copyright holder

Millions of Android users could be at risk of having their mobile devices hijacked by “drive-by” cryptominers, according to research by MalwareBytes Lead Malware Intelligence Analyst Jerome Segura.

“Drive-by” cryptomining on a mobile device is functionally identical to that received previous warnings from Malwarebytes involving desktop PCs. By redirecting web traffic to a specific address, a device’s capabilities are hijacked by a bit of JavaScript code and harnessed to mine the cryptocurrency Monero. While this may seem like a relatively harmless — if ethically questionable — way of utilizing otherwise unused resources to generate wealth, the process that hijacks your device ratchets the CPU’s functions up to 100 percent and keeps them there. If kept up for long enough, this sort of constant usage can heavily damage a smartphone’s internal components, leading to potentially expensive repairs — or worse, a whole new device. Additionally, this process takes place without consent, raising concerns over user privacy.

As with desktop drive-by cryptomining, victims can fall prey when visiting websites. According to Malwarebyte’s blog, the site usually flashes up a warning message, and asks the user to prove they’re human by entering a certain code, adding that until the code is entered the website will use the device to mine for cryptocurrency. The page claims that the warning is a countermeasure against bots, but since the code doesn’t seem to be randomized and is hard-wired into the website, it would be unlikely to be a good deterrent. In addition, once the code has been entered, the website redirects the user to Google’s homepage — not usual behavior following a captcha test.

While this issue is tied to specific webpages (a few of which Malwarebytes has identified, but the list is nowhere near complete), it’s also possible for the drive-by to affect users by way of infected ads. This is especially common, according to the blog post, in the case of certain free apps within the Android ecosystem, where a displayed ad will connect the user to the chain needed to eventually connect the device to the cryptomining page. So it’s easily possible to be infected without realizing it.

If all this sounds scary, there’s a simple way to stay safe. Malwarebytes’ blog obviously recommends that you download the Malwarebytes app to gain some security, and while that may be a good idea, there are also loads of other useful anti-virus and anti-malware apps out there that should help you keep safe in cyberspace — here’s a list of our favorites.

Editors' Recommendations

Mark Jansen
Mark Jansen is an avid follower of everything that beeps, bloops, or makes pretty lights. He has a degree in Ancient &…
Personal data of 69 million Neopets users is now up for sale after a data breach
Person typing on a computer keyboard.

Neopets, an aged website that lets users keep virtual pets and take care of them, just suffered a major data breach. Aside from the personal data of over 69 million users, the hacker was able to obtain the website's source code.

This isn't the first time Neopets has faced a massive leak, but this time around, user data is currently being sold for crypto -- and the leak includes more than just usernames and passwords.

Read more
Switching from iOS to an Android phone just got way more convenient
Pixel 6 Pro and iPhone 13 Pro.

Google is expanding support for its "Switch to Android" app on iOS — making it easier for iPhone users to bring their data over to any modern Android phone. Until now, the app was limited to Google's own Pixel handsets. But that changes with this new update. Starting today, the Switch to Android app will be compatible with all phones running Android 12.

The app makes it much easier to transfer data from iOS to Android. While the move is much appreciated, we would have liked to see more Android versions covered under this update. There are a lot of Android phones still running Android 11 and older. However, Google's app is locked to APIs introduced in Android 12.

Read more
You can finally move your WhatsApp chats from Android to iOS
WhatsApp and Telegram app icons.

Moving WhatsApp chats from Android to iOS has been a painful task for years. But not anymore, as Apple and WhatsApp have made the process a whole lot easier. Starting today, Apple is adding a feature that allows you to move chats between the two platforms. The feature is a part of Apple’s existing “Move to iOS” Android application. It’s worth noting that the feature is currently available for beta users only, so non-beta users might have to wait for a week or two as it's rolled out in phases.

This is a big move since 2 million people use WhatsApp and, until now, there wasn’t an official method to move conversations between Android and iOS. There have been third-party solutions here and there, but nothing officially backed by Apple or WhatsApp. With the feature becoming available, users will be able to move their chats swiftly from Android to iOS.

Read more