‘Drive-by’ Crypto-Mining Affecting Millions of Android Users: Malwarebytes - TheExtremeTech
If you haven’t been paying attention to the rising scourge of crypto-mining scripts on websites hijacking your computer hardware to mine cryptocurrencies, you should.

From Facebook to YouTube, nobody is apparently safe from this growing menace, with recent reports even suggesting that thousands of government sites in the UK were recently targeted by crypto-mining malware. Now, security researchers at Malwarebytes are reporting that they have found evidence that millions of Android devices may have become part of the largest “drive-by crypto-mining campaign” targeted specifically at mobile devices.

According to the research published on the company’s official blog yesterday, the fact that most people do not use any web-filtering or security applications on their smartphones is being exploited by a section of cyber-criminals to run crypto-mining scripts for Monero (XMR), one of the leading cryptocurrencies right now.

“In a campaign we first observed in late January, but which appears to have started at least around November 2017, millions of mobile users (we believe Android devices are targeted) have been redirected to a specifically designed page performing in-browser cryptomining”.

The campaign uses forced redirects and Trojanized apps, which are not new, but in a curious bit of social engineering, the pages are honest about being crypto miners. While most cyber-criminals would keep this fact hidden, this new wave of miners is clear about its purpose. The attackers claim the mining is being done to pay for server traffic, and that it will continue until the visitor proves they are human and not a bot by solving a captcha.

[Image: crypto-mining]

As can be seen in the above screenshots, the sites ask visitors to solve a captcha and, until they do, use the phone’s resources to mine Monero.

Malwarebytes has listed the affected domains and also the sites which redirect you to these domains. It would be wise to block these from your network if you have the know-how. Ominously, the company warns that the problem is going to get worse, with more such mining attacks likely to hit the web.

“The first (domain) was registered in late November 2017, and new domains have been created since then, always with the same template”. With cryptocurrencies bouncing back from a slump of late, it will be interesting to see whether this particular modus operandi continues in the same vein even after its discovery.

I am David, a professional blogger who craves more knowledge and is passionate about writing tutorials on Blogging, SEO, Tech Phone/PC tutorials and so much more...

1 Comment
  • cityceilings says:

    Hi very nice article keep it up the good work Wonderful!! Thank you for posting informative blog. Your posts are more interesting and informative

    Reliance JioFiber with Free 100Mbps Internet to be Launched in March: Report Says

    After several months of rumors, speculations and alleged leaks, JioFiber, the much-hyped Fiber broadband network from Mukesh Ambani’s Reliance Jio, may finally see the light of day this March, according to reports today.

    The JioFiber service could apparently launch as early as next month, as per a report in DNA. While the exact launch date for the JioFiber service is yet unknown, the story suggests that the company will look to disrupt the country’s broadband market with lucratively-priced high-speed offerings, just like it did with its LTE services back in 2016.

    What we do know, however, is that Jio will offer India’s first large-scale, commercial Gigabit services, something the company has long been testing in at least 10 cities around the country including, but not limited to, Mumbai, Delhi-NCR, Ahmedabad, Jamnagar, Surat and Vadodara.

    One thing to note here is that the March-end date that is being touted, is unlikely to be the full-fledged commercial launch of JioFiber. Just like it did with its LTE services back in 2016, Jio is expected to have a soft launch next month, whereby the company will offer free services to customers till the official launch at a later date.

    Earlier rumors suggested that the pricing of the JioFiber will start at Rs. 500 for 600GB of data at 100Mbps, although, you’ll do well to take these figures with more than just a pinch of salt. It remains to be seen if Jio can do to the home broadband market what it did to the cellular market over the past couple of years.

    The company already has a lot of goodwill among consumers because of the way it handled the rollout of its 4G services (all the petabytes of free data didn’t hurt either), so it will be interesting to see if the company can finally also democratize home broadband, which has traditionally suffered from slow speeds, reliability issues and absurdly high pricing. If it can, expect the likes of Netflix, Hotstar and Amazon Prime Videos to gain even more traction in the days to come.

    New Skype Bug Could Provide Unrestricted Access to Hackers

    A new bug has been discovered in Skype’s updater which can potentially allow hackers to gain complete access to a user’s system. First reported by security expert Stefan Kanthak at Seclists.org, the bug can be exploited to gain unrestricted access to every part of the operating system.

    According to Kanthak:

    “Once installed, Skype uses its own proprietary update mechanism instead of Windows/Microsoft Update…[Because] Skype periodically runs ‘%ProgramFile%\Skype\Updater\Updater.exe’ under the SYSTEM account, when an update is available, [the] Updater.exe copies/extracts another executable as ‘%SystemRoot%\Temp\SKY.tmp” /QUIET’.”

    Kanthak goes on to explain that it is because of the aforementioned executable that the updater is vulnerable. Hackers can make use of DLL hijacking, as the executable loads at least one DLL file called ‘UXTheme.dll’ from its application directory instead of loading it from the Windows system directory.

    If a local user is able to place the UXTheme.dll or any of the other DLLs loaded by the vulnerable executable, the user will be able to gain access to the SYSTEM account. Microsoft already has ways to avoid the vulnerability, but Kanthak claims that the company’s developers seem to be ignoring the issue.

    Kanthak adds that he alerted Microsoft about the bug back in September, but the company has not released a fix. According to Seclists’ reported timeline of the bug, Microsoft is expected to release a fix in a newer version of Skype, instead of rolling out a dedicated security update, as the latter option would be too painstaking given the company’s development cycle.
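
A defensive check for the condition described above, as an added example that is not from Kanthak's report or from Microsoft: it flags DLLs in an application directory that share a name with a DLL in the system directory, and reports whether the current user can write to that directory. The directory layout and file names created in `demo()` are constructed sample data.

```python
import os
import tempfile


def dll_names(directory):
    """Map lower-cased DLL file names in a directory to their on-disk names."""
    return {n.lower(): n for n in os.listdir(directory) if n.lower().endswith(".dll")}


def audit(app_dir, system_dir):
    """Report DLLs in app_dir that would be found before same-named system DLLs.

    An executable that resolves DLLs from its own directory first will load
    these copies instead of the ones in the system directory.
    """
    app, system = dll_names(app_dir), dll_names(system_dir)
    shadowing = sorted(app[k] for k in app if k in system)
    return {
        "shadowing": shadowing,                   # names that collide with system DLLs
        "writable": os.access(app_dir, os.W_OK),  # can the current user drop files here?
        "finding": bool(shadowing),
    }


def demo():
    """Run the audit against a constructed directory tree (sample data only)."""
    with tempfile.TemporaryDirectory() as root:
        system_dir = os.path.join(root, "System32")  # stands in for the system directory
        app_dir = os.path.join(root, "Temp")         # stands in for the updater's directory
        os.mkdir(system_dir)
        os.mkdir(app_dir)
        for name in ("uxtheme.dll", "kernel32.dll"):
            open(os.path.join(system_dir, name), "wb").close()
        for name in ("SKY.tmp", "UXTheme.dll", "vendor.dll"):
            open(os.path.join(app_dir, name), "wb").close()
        return audit(app_dir, system_dir)


if __name__ == "__main__":
    print(demo())
```

Run as an unprivileged user, a result with `writable` set to true for a directory that a SYSTEM process executes from is worth investigating even when `shadowing` is empty.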

    FBI, CIA, NSA Warn Americans Against Buying Huawei Smartphones

    Expressing their lack of trust in Chinese manufacturer Huawei, directors of six top investigating agencies in the US have advised Americans against using smartphones made by the company. These recommendations were made to the Senate Intelligence Committee by the heads of the FBI, the NSA, the CIA, and the director of national intelligence.

    What has irked these agencies is the fact that Huawei’s founder was a former engineer of the People’s Liberation Army of China and the company is believed to have “extraordinary ties” with the Chinese government. As a result, Huawei was banned from bidding for US government contracts in 2014 and has been facing several problems in entering the American market.

    As per CNBC, FBI Director Chris Wray warned the Senate about the risks associated with allowing in companies which are supervised or regulated by “foreign governments that don’t share” the same values as them. It will, as per Wray, give these companies the “capacity to maliciously modify or steal information and…undetected espionage.”

    Huawei had lately been trying to enter the US with the launch of its latest flagship Mate 10 Pro in partnership with local carrier AT&T. The deal was, however, reportedly called off under the pressure from the government.

    Two lawmakers, Michael Conaway and Liz Cheney, are even trying to completely block Huawei’s entry into the US Market and recently introduced a bill which prohibits the government employees from using smartphones made by Huawei and fellow Chinese manufacturer ZTE.

    The two Representatives had also warned US companies that participating in business with either of the two Chinese firms will reduce their chances to engage in business with the government.

    In its defense, a Huawei spokesperson responded saying, “Huawei is trusted by governments and customers in 170 countries worldwide and poses no greater cybersecurity risk than any ICT vendor”.

    Meanwhile, Huawei’s recent attempt to enter the US market has been seen as rather desperate, as the company was found to be hoarding fake reviews for the unlocked version of the Mate 10 Pro.
