Millions of Android devices hijacked to mine Monero coin


However, in the few seconds that it takes for the visitor to solve the CAPTCHA code, the website infects the used device with a cryptojacking malware that will keep running in the background without the device owner's knowledge.

The Malwarebytes team recommends that Android users run web filtering and other security software on their devices to avoid such attacks.

Over the weekend, more than 4,000 websites in the US, UK, Australia and other nations were hijacked, with hackers tweaking the code of a plugin named BrowseAloud to secretly mine cryptocurrency. While the associated domains display information relating to a standard technical support scam when viewed on Internet Explorer or Chrome, the Monero mining attack is presented through a series of redirects when "Android" is present in the browser user-agent, according to the Malwarebytes blog.

While Android users may be redirected from regular browsing, it is believed that infected apps containing ad modules are loading similar chains leading to this cryptomining page.

Researchers from the security firm spotted the campaign in January but believe it began in November last year. The first domain was registered in November 2017, while the latest of the five domains they found (of which there may be many more) was registered less than a month ago.

This new campaign works a little differently than most. Once the CAPTCHA code is entered, the mining stops; until then, however, the affected smartphones are being utilized for every thread they are able to process.


We estimate that the traffic combined from the five domains we identified so far equals to about 800,000 visits per day, with an average time of four minutes spent on the mining page.

"It is hard to determine how much Monero currency this operation is now yielding without knowing how many other domains (and therefore total traffic) are out there", said Jérôme Segura, a Malwarebytes researcher.

There has been a rapid increase in cryptojacking attacks in the last few months as most cryptocurrencies, including Monero, experience a price increase. "Malware-based miners, as well as their web-based counterparts, are booming and offering online criminals new revenue sources". The researchers said that redirect scripts were responsible, but they also suspect malicious apps may have played a role.

"No platform is immune to cryptomining, and although mobile devices may indeed be less powerful than full-fledged desktops, there is a greater number of them out there", Jérôme Segura, lead malware intelligence analyst at Malwarebytes, told ZDNet.

Malwarebytes mobile users are protected against this threat.
