Security firm Malwarebytes has found that millions of Android smartphones have been hijacked to cryptomine Monero (XMR) currency.
What is Cryptomining?
No, it is not about creating new bitcoins for you (Monero does that on a whim – there is no ‘Gold Standard’ to back cryptocurrency) but about providing your CPU power to validate transactions. In return, ‘miners’ are given infinitesimal amounts of the cryptocurrency. Contributing your CPU power to the processing power of the network decreases Monero’s costs.
How do Android devices become infected and start cryptomining?
Malwarebytes says you download an infected app – hopefully not from Google Play – that installs ‘malvertising’, which leads to an infected website that downloads the malware. This is called a ‘drive-by infection’. A drive-by infection does not require user consent to download the malware – only to execute it.
You are then presented with a screen that requires you to enter a CAPTCHA code, which activates the background mining.
Malwarebytes has identified more than 65 million infected devices. Over 95% are mobile devices, where the mining drains your battery and uses 3G/4G broadband that you pay for.
The threat landscape has changed dramatically over the past few months, with many actors jumping on the cryptocurrency bandwagon. Malware-based miners, as well as their web-based counterparts, are booming and offering online criminals new revenue sources.
Forced cryptomining is now also affecting mobile phones and tablets en masse—not only via Trojanized apps but also via redirects and pop-unders.
While these platforms are less powerful than their desktop counterparts, there is also a greater number of them out there. Similar to what we see with IoT devices, it’s not always the individual specifications, but rather the power of the collective group altogether that matters.
We strongly advise users to run the same security tools they have on their PC on their mobile devices, because unwanted cryptomining is not only a nuisance but can also cause permanent damage.
Malwarebytes mobile users are protected against this threat.