Mining cryptocurrency takes a ton of processing power. In fact, in the case of Bitcoin, the amount of money one would spend on equipment and the electrical power needed to run that equipment would essentially never pay itself off in the end.
There are many other cryptocurrencies besides Bitcoin, and mining them is more lucrative. But why buy a bunch of equipment for mining when you can just hijack other computers and make them do the work for you?
That’s exactly what hackers did to millions of Android phones via a malicious ad redirect scam, according to Malwarebytes. The exact methodology used is not completely clear, but it appears users downloaded infected apps that quickly redirected them to a website. The website directly laid out that it was using the infected device to mine cryptocurrency, and would only stop when the user entered a valid CAPTCHA code. You can see the site (and the resulting spike in processor use) in the image at the top of this article.
The average length of time a user spent on this malicious site was 4 minutes, but the site had over 30 million visits per month. Add that up, and the hackers definitely mined a large amount of crypto.
Smartphone users are notoriously lax about the security of their devices. For example, a Pew Research study in 2017 concluded that 28% of smartphone owners don’t even have a screen lock or other security feature to prevent access to their phones. If they can’t be bothered to protect their phones physically, how many do you think have some form of malware protection installed?
Malwarebytes recommends using web filters and security software to keep your phone safe, and it’s common sense to only download apps from the Google Play Store, as you’re much less likely to get infected programs that way.
Interested in securing your phone? This article lays out some helpful tips!