Hackers target smartphones to mine cryptocurrencies

August 22, 2018 by Hélène Masquelier
Apps that surreptitiously mine cryptocurrencies can cause smartphones to overheat to the point they are damaged or destroyed, experts say

Has your smartphone suddenly slowed down, warmed up and the battery drained down for no apparent reason? If so, it may have been hijacked to mine cryptocurrencies.

This new type of cyberattack is called "cryptojacking" by .

It "consists of entrapping an internet server, a personal computer or a smartphone to install malware to mine cryptocurrencies," said Gerome Billois, an expert at the IT service management company Wavestone.

Mining is basically the process of helping verify and process transactions in a given virtual currency. In exchange miners are now and then rewarded with some of the currency themselves.

Legitimate mining operations link thousands of processors together to increase the computing power available to earn cryptocurrencies.

Mining bitcoin, ethereum, monero and other cryptocurrencies may be very profitable, but it does require considerable investments and generates huge electricity bills.

But hackers have found a cheaper option: surreptitiously exploiting the processors in smartphones.

To lure victims, hackers turn to the digital world's equivalent of the Trojan horse subterfuge of Greek mythology: inside an innocuous-looking app or programme hides a malicious one.

The popularity of games makes them attractive for hackers.

"Recently, we have discovered that a version of the popular game Bug Smasher, installed from Google Play between one and five million times, has been secretly mining the cryptocurrency monero on users' devices," said researchers at IT security firm ESET.

The phenomenon is apparently growing.

"More and more mobile applications hiding Trojan horses associated to a cryptocurrency mining programme have appeared on the platforms in the last 12 months," said David Emm, a security researcher at Kaspersky Lab, a leading supplier of computer security and anti-virus software.

"On mobiles the processing power available to criminals is less," but "there is a lot more of these devices, and therefore taking in total, they offer a greater potential," he added.

Google cleans house

But for smartphone owners, the mining is at best a nuisance, slowing down the operation of the phone and making it warm to the touch as the processor struggles to unlock cryptocurrency and accomplish other tasks.

At worst, it can damage the phone.

"On Android devices, the computational load can even lead to 'bloating' of the battery and thus to physical damage to, or destruction of, the device," said ESET.

However, "users are generally unaware" they have been cryptojacked, said Emm.

Cryptojacking affects mostly smartphones running Google's Android operating system.

Apple exercises more control over apps that can be installed on its phones, so hackers have targetted iPhones less.

But Google recently cleaned up its app store, Google Play, telling developers that it will no longer accept apps that mine cryptocurrencies on its platform.

'Cat and mouse game'

"It is difficult to know which applications to block," said Pascal Le Digol, the country manager in France for US IT security firm WatchGuard, given that "there are new ones every day."

Moreover, as the miners try to "be as discreet as possible" the apps do not stand out immediately, he added.

There are steps to take to protect one's phone.

Besides installing an antivirus programme, it is important "to update your Android phone" to the latest version of the operating system available to it, said online fraud expert Laurent Petroque at F5 Networks.

He also noted that "people who decide to download apps from non-official sources are at more risk of inadvertantly downloading a malicious app".

Defending against cyberattacks of all kinds is "a game of cat and mouse", said Le Digol at WatchGuard.

"You need to constantly adapt to the evolution of threats."

In this case he said "the mouse made a large leap", said Le Digol, adding cryptojacking could evolve to other forms in the future to include all types of connected objects.

Explore further: Mobile Trojan Loapi is one powerful nuisance

Related Stories

Cryptojacking spreads across the web

May 8, 2018

Right now, your computer might be using its memory and processor power – and your electricity – to generate money for someone else, without you ever knowing. It's called "cryptojacking," and it is an offshoot of the rising ...

Google removes Android malware used to secretly mine bitcoin

April 27, 2014

If you own an Android device, your phone might be mining bitcoin without you even knowing it. Five applications were recently removed from the Google Play store after they were discovered to be covertly using Android devices ...

Recommended for you

A novel approach of improving battery performance

September 18, 2018

New technological developments by UNIST researchers promise to significantly boost the performance of lithium metal batteries in promising research for the next-generation of rechargeable batteries. The study also validates ...

Germany rolls out world's first hydrogen train

September 17, 2018

Germany on Monday rolled out the world's first hydrogen-powered train, signalling the start of a push to challenge the might of polluting diesel trains with costlier but more eco-friendly technology.

Technology streamlines computational science projects

September 15, 2018

Since designing and launching a specialized workflow management system in 2010, a research team from the US Department of Energy's Oak Ridge National Laboratory has continuously updated the technology to help computational ...

2 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

FredJose
5 / 5 (1) Aug 23, 2018
, it is important "to update your Android phone" to the latest version of the operating system available to it, said online fraud expert Laurent Petroque at F5 Networks.

Unfortunately, one also has to watch out for the manufacturer's own malicious software slowing down the older versions of their phones because they want people to become fed up with the older SLOW-AS-A-SNAIL model and buy a new one.
There is ample evidence of this on the net with the Galaxy S7 edge. Just check it out.
I also have first hand experience of this nonsense with the S5, having seen it for myself as well as with a friend of mine.
koitsu
not rated yet Aug 26, 2018
"He also noted that 'people who decide to download apps from non-official sources are at more risk of inadvertantly downloading a malicious app.'"

BUT....

"Recently, we have discovered that a version of the popular game Bug Smasher, installed from Google Play between one and five million times."

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.