Cryptocurrency-Mining Campaign Targets Android Users

A drive-by Monero-mining cryptocurrency campaign is currently plaguing Android users. Malwarebytes reported that, although most previous drive-by mining was done automatically without users’ consent or knowledge, this new campaign requires users to perform a specific action before mining begins. Victims who navigate to a specially crafted website using an Android-powered device are presented with a fraudulent message stating that their device is exhibiting suspicious behavior and are prompted to solve a CAPTCHA using the code w3FaSO5R. If the victim enters the code and clicks the “continue” button, the device begins the cryptocurrency-mining process, which quickly monopolizes its CPU. Malwarebytes Labs has identified five cryptocurrency-mining domains that have generated approximately 800,000 visits per day, with an average of four minutes per victim spent on the mining page.

The NJCCIC recommends users review the Malwarebytes Labs report for additional details and a list of Indicators of Compromise (IoCs). We also recommend scanning devices regularly with a reputable antivirus application and monitoring your devices for any sudden changes in performance, such as unexplained high CPU usage, that are indicative of cryptocurrency-mining activity.