Millions of Android users have unwittingly lent their device to a drive-by cryptocurrency mining campaign in what’s believed to be the first large operation of this kind to specifically target mobile users. Malicious apps and sites with malvertising are redirecting millions of users to websites set up for the purposes of mining the Monero cryptocurrency. The five cryptocurrency mining websites receive a combined total of 800,000 visits a day, as part of a cybercrime campaign that has been active since November — according to researchers at Malwarebytes.
For the attackers, the advantage of targeting mobile devices is that many users don’t use any sort of web filtering or security applications, meaning they’re left without software to warn them about suspicious activity. There are also a very large numbers of mobile devices that could be roped into the scheme.
Researchers say that while some of the forced redirection attacks may occur during regular browsing, it’s likely infected apps also play a role, with ad modules within them directing users towards the cryptomining pages with various Coinhive site keys. They say it’s likely these infected apps are free downloads from untrusted third-party marketplaces.
Read more about the first large-scale cryptocurrency campaign targeting mobile on ZDNet.