Millions of Android users could be at risk of having their mobile devices hijacked by “drive-by” cryptominers, according to research by Malwarebytes Lead Malware Intelligence Analyst Jerome Segura.
As with desktop drive-by cryptomining, victims can fall prey simply by visiting a website. According to Malwarebytes’ blog, the site usually flashes up a warning message and asks the user to prove they’re human by entering a certain code, adding that until the code is entered the website will use the device to mine for cryptocurrency. The page claims that the warning is a countermeasure against bots, but since the code doesn’t seem to be randomized and is hard-wired into the website, it is unlikely to be a good deterrent. In addition, once the code has been entered, the website redirects the user to Google’s homepage — not usual behavior following a captcha test.
While this issue is tied to specific webpages (a few of which Malwarebytes has identified, but the list is nowhere near complete), it’s also possible for the drive-by to affect users by way of infected ads. This is especially common, according to the blog post, in the case of certain free apps within the Android ecosystem, where a displayed ad will send the user down the chain that eventually connects the device to the cryptomining page. So it’s easily possible to be infected without realizing it.
If all this sounds scary, there’s a simple way to stay safe. Malwarebytes’ blog obviously recommends that you download the Malwarebytes app to gain some security, and while that may be a good idea, there are also loads of other useful anti-virus and anti-malware apps out there that should help you keep safe in cyberspace — here’s a list of our favorites.