Malicious Cryptocurrency Mining Digs Into Mobile


Malicious cryptocurrency mining is a fast-growing threat in 2018, surpassing ransomware as the favorite choice of cybercriminals. The rising value and steady availability of digital currencies such as Bitcoin and Monero offer attackers low risk with high returns, and this is what is driving the surge. Cybercriminals deploying cryptocurrency mining techniques more commonly target servers or laptops, but in many cases they are also turning to mobile devices. This poses a threat to both subscribers and mobile network operators.

The Palo Alto Networks Unit 42 threat intelligence team has been following the rise of malicious cryptocurrency mining and described the trend in the blog post What's Driving the Shift to Cryptocurrency Mining Malware. In another post, Rise of the CryptoCurrency Miners, Unit 42 researchers described a Monero campaign that infected around 15 million systems. If each of these systems remained infected for at least 24 hours, the attackers could have earned well over $3 million.

Cryptomining malware works by taking over the CPU processing power of the infected device to mine cryptocurrency. In many ways, mobile phones are unattractive targets: their processing power is very limited compared to a laptop or server. However, the vast number of active mobile devices globally, now estimated at 7.8 billion, outnumbers the estimated 1 billion Windows laptops almost eightfold. The lack of security on most mobile phones, the eagerness with which subscribers download applications, and the seeming ease with which attackers can embed malicious code into websites and application stores make malicious cryptocurrency mining on mobile devices increasingly easy to carry out.


Devastating Impact

Cryptocurrency miner malware can be devastating to mobile devices, where battery resources are limited. The malware overtaxes the CPU so much that irreparable damage can be done to mobile phones in as little as two days. Unlike ransomware, cryptomining can often go undetected by the mobile subscriber. Cybercriminals have cleverly engineered both the malicious site and the malware to appear legitimate, thereby hiding their activity. The depleted battery life or overheated, malfunctioning phone will be a mystery to the subscriber, who is unlikely to attribute it to a malicious action. The malicious app also generates data traffic, which can give rise to additional costs for users on mobile tariffs that do not include unlimited data volumes. Yet even this small additional cost will likely not be associated by the subscriber with a device infection.

For mobile network operators, it is particularly difficult to correlate subscriber churn, complaints on battery performance, or device malfunction to cryptocurrency mining infection.

Unhappy subscribers can result in complaints to customer care, replacement of phones and subscriber churn, all of which have real costs and consequences for the mobile operator. Both the mobile network operator and the subscriber are victims.

This is a growing problem. According to Dark Reading, Coinhive is a cryptominer deployed on thousands of websites around the world. In another example, one researcher uncovered a new malvertising campaign targeting Android users that effectively forced phones to mine cryptocurrency for as long as the phone was active on its websites. The researcher estimated that 60 million visitors had visited the malicious domains and spent an average of four minutes on the page, equivalent to a few thousand dollars in Monero and a lot of overloaded Android CPUs.

Unit 42 threat research has identified 470,000 unique malware samples that hijack computers and mobile devices to mine cryptocurrency, with a huge spike in 2018. The popularity of malicious cryptomining activity continues to skyrocket as a direct result of a previous spike in the value of cryptocurrencies such as Monero; only time will tell whether cryptominers will remain popular. It is clear that such activities have been profitable for the individuals or groups who have mined cryptocurrency using malicious techniques over a long period of time. As Palo Alto Networks researchers first highlighted, a total of $175 million has been found to have been mined historically via the Monero currency, representing roughly 5 percent of all Monero currently in circulation.


Combating the Threat

Malicious cryptocurrency mining on mobile devices has been observed in live service provider trials conducted by Palo Alto Networks. The Palo Alto Networks Security Operating Platform provides application-layer visibility and functions specifically designed to enable mobile network operators to quickly identify the malicious C2 activity as well as which subscribers and devices are impacted. With this deep visibility, MNOs can then take corrective action, which might include notifying the infected subscriber, offering remediation options through customer care, and upselling a protection service.

Mobile network operators using the Palo Alto Networks Security Operating Platform have a number of means to combat this threat on their networks, including WildFire detections for cryptominers delivered via malware and GTP security, which correlates the threat to the impacted subscriber or device. For more information on the mobile network infrastructure capabilities of the Security Operating Platform, download the brief.
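The two steps described above, spotting the miner's pool traffic at the application layer and then correlating it back to the subscriber behind the session, can be illustrated with a small detector. The following is an added example written for this page and is not Palo Alto Networks code, nor a description of how the Security Operating Platform or its GTP security feature works internally. It assumes a simplified setup: a flow log that carries the first payload of each connection, the Stratum JSON-RPC request methods that pool miners use (`login`, `mining.subscribe`, `mining.authorize`, `submit`), and a GTP session table that maps the handset's inner IP address to its IMSI and IMEI. All log lines, IP addresses, IMSIs, IMEIs and the wallet placeholder are constructed for the example.

```python
"""Flag mining-pool (Stratum) C2 traffic in a flow log and map each hit to a
subscriber through a GTP session table.  Everything below (log lines, IPs,
IMSIs, IMEIs, pool endpoints) is constructed for this example."""
import json
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed GTP session table: inner (UE) IP -> subscriber identifiers.
# In a real deployment this would be learned from GTP-C session state.
GTP_SESSIONS: Dict[str, Dict[str, str]] = {
    "10.20.0.5": {"imsi": "001010000000001", "imei": "35000000000001"},
    "10.20.0.9": {"imsi": "001010000000002", "imei": "35000000000002"},
}

# Stratum JSON-RPC request methods: Monero-style "login"/"submit" and
# Bitcoin-style "mining.*".  Responses carry "result" instead of "method".
STRATUM_METHODS = {"login", "submit", "mining.subscribe",
                   "mining.authorize", "mining.submit"}

# Constructed flow-log format: timestamp, 5-tuple fragment, first payload.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"payload=(?P<payload>.*)$"
)

# Constructed sample log: two mining logins from known subscribers, one
# from an IP with no GTP session, one plain HTTP request, one JSON response.
SAMPLE_LOG = [
    '2018-05-01T10:00:01Z src=10.20.0.5:51234 dst=203.0.113.10:3333 '
    'payload={"id":1,"method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x"}}',
    '2018-05-01T10:00:02Z src=10.20.0.9:44100 dst=198.51.100.7:443 '
    'payload={"id":1,"method":"mining.subscribe","params":["miner/1.0"]}',
    '2018-05-01T10:00:03Z src=10.20.0.9:44101 dst=198.51.100.20:80 '
    'payload=GET / HTTP/1.1',
    '2018-05-01T10:00:04Z src=10.20.0.11:40000 dst=203.0.113.10:3333 '
    'payload={"id":2,"method":"submit","params":{"job_id":"1"}}',
    '2018-05-01T10:00:05Z src=10.20.0.5:51235 dst=192.0.2.1:443 '
    'payload={"jsonrpc":"2.0","result":{"ok":true}}',
]


@dataclass
class Alert:
    src_ip: str
    pool: str            # dst:port the handset talked to
    method: str          # Stratum method that triggered the alert
    imsi: Optional[str]  # None when no GTP session matched the source IP
    imei: Optional[str]


def parse_stratum(payload: str) -> Optional[str]:
    """Return the Stratum method name if the payload is a Stratum request."""
    try:
        msg = json.loads(payload)
    except json.JSONDecodeError:
        return None  # not JSON at all (e.g. plain HTTP)
    if not isinstance(msg, dict):
        return None
    method = msg.get("method")
    if method in STRATUM_METHODS and "params" in msg:
        return method
    return None  # a JSON response or an unrelated RPC


def detect(lines: List[str],
           sessions: Dict[str, Dict[str, str]] = GTP_SESSIONS) -> List[Alert]:
    """Scan flow-log lines and correlate each mining hit to a subscriber."""
    alerts: List[Alert] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        method = parse_stratum(m["payload"])
        if method is None:
            continue
        sub = sessions.get(m["src"], {})
        alerts.append(Alert(m["src"], f'{m["dst"]}:{m["dport"]}', method,
                            sub.get("imsi"), sub.get("imei")))
    return alerts


def impacted_subscribers(alerts: List[Alert]) -> Dict[str, int]:
    """Count mining hits per IMSI; hits with no session are left out."""
    return dict(Counter(a.imsi for a in alerts if a.imsi is not None))


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(f"{a.src_ip} -> {a.pool} [{a.method}] imsi={a.imsi} imei={a.imei}")
    print("impacted:", impacted_subscribers(found))
```

The fourth sample line shows the gap the text points at: without the GTP session table the alert still fires, but it cannot be tied to a subscriber, so customer care has nobody to notify. Matching on the Stratum request method rather than on destination IP or port keeps the detector useful when the pool endpoint changes or sits behind a proxy on port 443, which the constructed second line illustrates.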



The post Malicious Cryptocurrency Mining Digs Into Mobile appeared first on Palo Alto Networks Blog.
