The process of "mining" (mining) virtual currency requires a large computing power. This is why the trend has arisen where hackers hijacked victims' computers for mining, with malware or scripts tucked into websites. The more computers hijacked, the greater the collective resources for the process. Later, this kind of incident widened also into the realm of mobile gadgets. Malwarebytes mobile security firm revealed a large-scale attack specifically targeting Android smartphones. The hackers involved using the redirect advertising method to switch mobile browsers on mobile devices to multiple sites contain Monero (XMR) virtual currency monitors. The number of CPU utilization indicating the use of processor by mining process also jumped. Surprisingly, the site of the virtual currency miner was frank about using Android device visitors alias redirect victims to do the mining. The site then asks the victim to enter a captcha to prove that the victim is not a "bot". After entering captcha, the victim will be redirected back to Google homepage. While not entering this captcha, the site will continue to use the victim's device resources to the maximum to mine the virtual money (cryptomining).
The method hackers use to redirect is not known exactly, but it allegedly involves a malware-infected application that is downloaded to the victim's device, to then display ads to the mining site. In his report, Malwarebytes explained the average of these diverted victims spent four minutes on these mining sites. The site initially loaded as a pop-under for indirect victims
- The site view contains the cryptominer (left) that mines the virtual money on the victim's Android redirect device (left image). In the right picture graph of the usage of gadget processor that suddenly jumped because the device used to mine the virtual money while opening the site.* (Malwarebytes)
This large-scale "cryptomining" attack could result in a large-value virtual currency for the hacker group of the culprit. Smominru's malware miner who targets the Windows operating system with EternalBlue exploit, for example, is estimated to have managed to mine a virtual currency worth 3.6 million US dollars. Hacker operations targeting Android devices via redirect to mining sites are estimated to have been running since November last year, but only began to be widely known in January this year. In order not to be a victim, Malwarebytes advises mobile device users to install ad-blocker and other security applications.