Millions of Android Devices Hacked by Cryptocurrency Mining Site to Mine Monero

Millions of Android users have been steered to a website that hijacked their phone processors for Coinhive's Monero miner.
Sibel Nicholson

Smartphone users may be just as vulnerable to cryptocurrency mining hijacks as PC users. Cybersecurity software maker Malwarebytes has described a mining campaign that redirected millions of Android users to a website that hijacked their phone processors to mine Monero.


Researchers believe that infected applications carrying malicious ads direct people to the pages. The site claims that you are showing suspicious web activity, then tells you that it will keep mining until you enter a code to make it stop. Malwarebytes has already found five internet domains using the same captcha code and the Coinhive site keys used for the campaign.

Two of the sites seemed to have 30 million visits per month, and the combined domains had about 800,000 visits per day. Most people seemed to spend only a short time on the pages, an average of 4 minutes, but that amounted to a lot of mining time.

Web filters help

Malwarebytes now recommends that Android phone users use web filters and security software to fight these hijacks. You can also reduce the odds of encountering these campaigns by sticking to Google Play for application downloads, which makes it less likely that you will run into fraudulent applications. However, it still doesn’t seem likely that tactics like these will go away.

Google also has the ability to shut down Android malware. The company took down over 700,000 apps that violated Play Store's policies in 2017, which was a 70 percent rise over 2016. It was also much better at pulling fraudulent applications in time to avoid infections.

With new machine learning techniques, it caught 99 percent of applications with abusive content before anyone installed them. It also took down over 250,000 copycat applications, which were riding on the success of popular applications, as well as others that violated policies against apps featuring hate speech, illegal acts, and porn.

The company credits Google Play Protect for its ability to spot harmful apps committing fraud, stealing information or allowing hijacks.

Government websites also prone

In addition, it is not just private companies' websites that are falling victim to cryptocurrency mining hijacks. Intruders have broken into over 4,200 sites to mine Monero, many of them government websites from around the world.

These include the US court information system, the UK's National Health Service, and Australian legislatures. The intruders delivered their JavaScript code by altering an accessibility plugin for the blind, Texthelp's Browsealoud, so that the miner was inserted wherever Browsealoud was in use. The mining took place only on Sunday before Texthelp disabled the plugin to investigate.

The UK's Information Commissioner's Office, also a government site, took pages down in response. As with most of these injections, your system wasn't facing a security risk. You would have just noticed your system slowing down while searching for government info. The mining disappears the moment you visit another page or close the browser tab. The biggest issue was for the site operators, because their sites are open to intruders slipping in fraudulent code without authentication.
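One browser-side control against this kind of third-party script tampering is Subresource Integrity, which the article does not mention. The sketch below is an added example, not code from the article, Texthelp or the affected sites; the function names and both script bodies are constructed for illustration, and it mirrors how a browser decides whether a pinned script may run.

```javascript
const crypto = require('node:crypto');

// Hash algorithms SRI accepts, weakest to strongest.
const ALGS = ['sha256', 'sha384', 'sha512'];

// Integrity value a site operator pins for a known-good script body.
function sriFor(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Parse an integrity attribute, ignoring tokens with unknown algorithms.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((tok) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)(\?.*)?$/.exec(tok);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// True when the fetched body may execute under the given integrity attribute.
function scriptAllowed(body, attr) {
  const entries = parseIntegrity(attr);
  // No usable metadata means the script runs unchecked.
  if (entries.length === 0) return true;
  // Only hashes of the strongest listed algorithm are considered.
  const strongest = entries.reduce(
    (best, e) => (ALGS.indexOf(e.alg) > ALGS.indexOf(best) ? e.alg : best),
    'sha256'
  );
  const actual = crypto.createHash(strongest).update(body).digest('base64');
  return entries.some((e) => e.alg === strongest && e.digest === actual);
}

// Constructed sample: the script as reviewed, and the same file after tampering.
const pinned = 'window.readAloud = function () { /* accessibility helper */ };';
const tampered = pinned + '\n/* injected loader (constructed placeholder) */';
const integrity = sriFor(pinned);

console.log('pinned copy runs:  ', scriptAllowed(pinned, integrity));
console.log('tampered copy runs:', scriptAllowed(tampered, integrity));
console.log('tampered, no pin:  ', scriptAllowed(tampered, ''));
```

Pinning only works when the vendor serves a versioned file that does not change; a script the vendor updates in place at the same URL would fail the check after every legitimate update.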
