Surge in cryptocurrency mining hacks blamed on risky smartphone apps

The hack, called Coinhive, was originally developed to allow website operators to monetise their sites by using visitors’ computers and phones to mine a type of cryptocurrency named Monero. This was done with the user’s consent.

A cryptocurrency mining virus that hijacks computers and smartphones after they visit websites has surged in the last three months, thanks to risky smartphone apps and infected webpages.

Traffic from the Coinhive software, which exploits a device's computing power to mine the Monero cryptocurrency, has seen a 460 per cent surge in the last three months, according to security company Proofpoint.

While Coinhive was originally developed to allow website operators to monetise their sites or replace adverts, attackers in recent months have modified the code and inserted it on websites and apps without informing users.

Experts believe these kinds of attacks are only going to become more prevalent as it "is a road to success" for criminals to make large profits.


Proofpoint believes the 460 per cent jump in Coinhive traffic could be down to its malicious use on smartphones. Once on the device, the code reduces performance and increases energy usage as it mines the cryptocurrency.

Proofpoint stated that earlier this year 19 Android smartphone apps, injected with the Coinhive code, were uploaded and made available through the official Google Play Store.

The apps secretly loaded the malicious Coinhive script whenever the user started the app. The script would open an internet browser page that ran the mining code in the background of people's phones.

The apps identified by Proofpoint have since been removed from the Play Store.

Throughout the second quarter of 2018, the company noticed a steady growth of activity relating to Coinhive, but in late May it witnessed a rapid increase in Coinhive activity, resulting in the surge.

Before that, Coinhive activity had been increasing gradually since the start of 2018.

Sherrod DeGrippo, Director of Emerging Threats at Proofpoint, said: “Cybercriminals are following the money and right now Coinhive is a road to success.

"Coinhive traffic has also likely increased recently because the damage it inflicts isn’t immediately apparent, but it is profitable. Ransomware, for example, is extremely disruptive and banking Trojans are much more difficult to monetize.

"In March 2018, we also observed a surge in Coinhive samples appearing on our sensors, possibly due to code installations on compromised or shady websites. This could certainly be associated with the increase in actual activity in May and June, but that is speculation at this point."

Mike Pound, Assistant Professor in Computing at the University of Nottingham, said: "It doesn't surprise me that malware creators are moving away from simple in-browser scripts by burying mining code in apps and other banking malware.

"These kinds of attacks are only going to become more prevalent when this script is bundled into other malware as an add-on. It’s an efficient route to profit for criminals."
