A new malware is attacking Android users by sending them malicious domains to drive their devices to cryptocurrency mining campaign.
According to Malwarebytes blog, malicious websites and apps are governing Android users to some of the websites are set up for mining the cryptocurrency, and it revealed that more than 60 million users have been affected by this malicious domains.
Researchers said that till now five cryptocurrency mining websites get more than of 800,000 hits a day. This malware has been active since November last year.
The research blog highlights that the malware only targets mobile users, and they have a great advantage in targeting them as mobile users generally don’t use any kind of security applications or web filtering.
"While Android users may be redirected from regular browsing, we believe that infected apps containing ad modules are loading similar chains leading to this crypto mining page. This is unfortunately common in the Android ecosystem, especially with so-called “free” apps,” blog post.
However, the malicious cryptocurrency mining informs the visitors that they are being redirected to the websites which are used to mine cryptocurrency which is then used to pay for server traffic. Same captcha code is being used for small servers.
The blog adds, “We identified several identical domains all using the same CAPTCHA code, and yet having different Coinhive site keys (see our indicators of compromise for the full details). The first one was registered in late November 2017, and new domains have been created sine then, always with the same template.”
The researchers concluded, “The threat landscape has changed dramatically over the past few months, with many actors jumping on the cryptocurrency bandwagon. Malware-based miners, as well as their web-based counterparts, are booming and offering online criminals new revenue sources.”