Malicious browser-based cryptominers are becoming increasingly common. Because of this, it really shouldn’t be a surprise that security researchers have detected a version of the malware that targets mobile devices – most of which seem to be Android-based.
Malwarebytes has reported detecting a sort of browser hijack attack that redirects users to cryptomining-laced sites. Curiously, the site displays a CAPTCHA code for the user to verify that they are human. Until this is done, the page will use 100% of available processing power to mine for Monero – the most popular cryptocurrency among cybercriminals these days.
It’s still unclear who is behind this particular attack, although it seems to be one of many incidents that make use of the Coinhive script. According to the research, the hijack seems to have been in operation since November 2017, but was only accidentally stumbled upon last month.
How profitable this sort of attack is remains difficult to determine. Mobile devices aren’t exactly computing powerhouses compared to the massive mining rigs used for true heavy-duty cryptomining. However, the raw economies of scale in targeting mobile browsers, which often lack additional safeguards against such attacks, may make it a very attractive prospect.
The presence of the CAPTCHA code seems to indicate that the attack is targeting bots, largely because this is the easy kind of traffic that will get stuck on the site for long periods of time. On the other hand, it’s unlikely that these bots will be operating from mobile devices, which only calls into question who this script is designed to target.