60 million Android users hit by cryptocurrency miner malware
A malvertising campaign is targeting Android users and forcing their smartphones to mine Monero or XMR cryptocurrencies for as long as it can keep them active on shady websites. 60 million Android users have already been hit. The good news is that it can be avoided easily. The bad news, however, is that if you're affected, it might damage your phone permanently. Here's more.
Exact names of malicious websites not known yet
California-based security firm Malwarebytes Labs discovered the campaign and said that the attack is an example of "drive-by mining" where a device is exploited to mine cryptocurrency only for a short period of time. Malwarebytes, however, couldn't pinpoint the exact sites through which attacks are being carried out but, judging by the number of affected users, some of them must be popular.
Infected free apps could also be contributing to spreading infection
Malwarebytes' blog post about the scheme revealed that by targeting mobile users, the attackers have a great advantage since most mobile users don't use anti-virus suites. Apart from shady websites, the post said infected free apps in the Android ecosystem could also be contributors.
What risk your phone faces from the cryptocurrency-miner
The attack might seem relatively harmless since it exploits your phone for a short while and leaves no traces. However, cryptocurrency mining is a very heavy-duty operation even for gaming computers. For an Android phone, it might be a death sentence. Monero mining uses a 100% of CPU capacity indefinitely, which might cause the phone's chips to melt due to overheating in extreme cases.
Not possible to avoid the attack without an anti-virus suite
The malvertising is likely to be on shady pop-up websites or adverts, and the best way to protect yourself from it is to install an anti-virus suite on your phone. Malwarebytes recommends its own app, but others like Norton, Avast etc. also work. An anti-virus suite apart, however, it's not quite possible to "avoid" the attack, owing to the insidious nature of malvertising.