CyberWisdom Safe Harbor Commentary on Drive-by Cryptocurrency Miner Activities
Drive-by Cryptocurrency Miner
Malicious apps and malicious ad sites are redirecting millions of users to websites set up to mine the Monero cryptocurrency.
According to researchers at Malwarebytes, five cryptocurrency mining sites receive a total of 800,000 daily visits as part of an ongoing cybercrime campaign that has been active since November.
For attackers, the benefit of targeting mobile devices is that many users do not run any kind of web filtering or security application, so no software warns them of suspicious activity.
Jérôme Segura, chief malware intelligence analyst at Malwarebytes, told ZDNet: “No platform can withstand cryptomining, and mobile devices do more of their work than full desktops.”
The researchers said that while some forced redirects may occur during normal browsing, infected applications may also play a role, with the ad module directing users to the password page with various Coinhive site keys. They said that these infected applications may be free downloads from untrusted third-party markets.
Drive-by Cryptocurrency Mining
By its nature, drive-by cryptocurrency mining runs behind the scenes and gives users no warning that their device is in use, apart from slowing the system down or causing its fans to spin up.
However, the group behind this campaign took a very different approach, telling visitors redirected to their site that their devices were being used to mine cryptocurrency. The attackers claim the mining pays for server traffic.
“Your device shows suspicious surfing behavior and proves you are human by working on the verification code until you verify it as human and your browser will mine Cryptocurrency Monero for us to recover server costs due to bot traffic,” the warning reads.
Every user is given the same passkey, w3FaSO5R. Until the code is entered and the Resume button is pressed, the phone or tablet mines Monero at full speed, maxing out the device's processor, which may result in damage to the device.
The mobile cryptocurrency miner tells the user what it is doing, and maxes out the device's processor until the code is entered.
Traffic analysis shows that the average time a visitor spent on this Monero mining page was about four minutes, and that the page was initially loaded as a pop-up so that it could perform its initial burst of activity without the user noticing immediately.
Between November and January, two of the five websites each had more than 32 million visitors.
These devices have only a fraction of the power of a personal computer, but the Monero collected from a smartphone can still fund the people behind the scheme. Researchers estimate the entire operation can bring in thousands of dollars a month, given the limited processor power and short mining time.
However, as evidenced by the rise of bitcoin, the value of cryptocurrencies is likely to increase significantly.
It is worth noting that websites that redirect to the mining sites are not necessarily malicious themselves, because malicious ads may be placed on them without the host's knowledge.
The campaign is still active and has successfully targeted millions of Android devices, as a large number of users still do not know that their devices can be attacked in much the same way as desktop computers.
However, attacks like this cryptocurrency mining operation can be prevented with appropriate software, just as attacks on PCs can.
“Mobile users should use the same protection mechanisms that they have on their PCs, that is, ad blockers, network protection and security applications,” Segura said.
Large-scale cryptocurrency mining operations can generate huge sums of money for their operators: miners attacking Windows via the EternalBlue vulnerability are said to have extracted $3.6 million worth of cryptocurrency.
Researchers say that at least 60 million visits have been forcibly made to malicious Monero sites in what represents the first large-scale ……