The war of coin-driven mining—through which websites and apps manipulate source code on other devices—shows no sign of slowing down. Over the weekend, researchers added two more incidents: one with more than 4,200 sites (some of them working government agencies), while others target millions of Android devices.
Millions of Android devices targeted
This is the second instance of mass mining targeting millions of Android devices since November, the security provider said. Malwarebytes said on Monday. The ad displays a web page to unsuspecting users that their device is showing suspicious signs. The website directs them to complete a CAPTCHA to prove that their device is controlled by a human instead of a malicious script. Until the end user completes the CAPTCHA, the machine runs code that exhausts the resources that mine Monero for the attacks.
A quick check of two of the five sites known so far to display the CAPTCHA mining code indicates the campaign is hitting tens of millions of devices. Results returned by A similar website shows that rcyclmnr().com received 34.2 million visits since November, with 98.5 percent of visits coming from mobile devices. A separate page used in the campaign, recycloped (.)com, received 32.3 million visits, with 95 percent of its views coming from mobile devices.
Malwarebytes researchers estimate that the five domains collectively receive an average of 800,000 visits per day. Each visit to the mining page, according to Malwarebytes, lasts an average of four minutes. The researchers say that redirect scripts are responsible, but they also suspect that malicious applications may have played a role.
“Due to the low hash rate and the limited time spent mining, we estimate this plan might net a few thousand dollars a month,” Malwarebytes chief malware intelligence expert Jérôme Segura wrote in Monday’s report. “However, as cryptocurrencies continue to gain value, this value can easily multiply over time.”
The minimal benefits to drive-through mining scammers are in contrast to its effects on end users. Mining scripts that run on PCs for extended periods of time have the potential to consume a lot of electricity and even make certain companies unable to operate due to the strain that miners put on servers and bandwidth. network of miners. Researchers at Kaspersky Lab, meanwhile, recently documented a very aggressive Android miner that corrupts the phone it runs on.