Cryptocurrency mining site hijacked millions of Android phones

A “drive-by” mining campaign that redirected millions of Android users to a website that hijacked their phone processors for mining Monero.

Malwarebytes Labs, a Santa Clara, California-based security firm, discovered the scheme, then wrote about it on the company blog. According to security researcher Jérôme Segura, the attack is an example of “drive-by mining,” in which a malefactor exploits a device to mine cryptocurrency (in this case, Monero, or XMR) for just a short period of time.

While Malwarebytes didn’t specify which sites might be carrying the dangerous ads in question, at least one of them must be pretty popular. Dr. Augustine Fou, working alongside Malwarebytes, discovered that more than 60 million visitors have visited the malicious domains, and spent an average of four minutes on the page. That’s probably equivalent to a few thousand dollars in Monero — and a lot of overtaxed Android CPUs.

Malwarebytes is recommending that Android phone users use web filters and security software to fend off these hijacks.