Has your smartphone suddenly slowed down, warmed up and the battery drained down for no apparent reason? If so, it may have been hijacked to mine cryptocurrencies. This new type of cyber attack is called “cryptojacking” by security experts.
It “consists of entrapping an internet server, a personal computer or a smartphone to install malware to mine cryptocurrencies,” said Gerome Billois, an expert at the IT service management company Wavestone.
Mining is basically the process of helping verify and process transactions in a given virtual currency. In exchange, miners are now and then rewarded with some of the currency themselves. Legitimate mining operations link thousands of processors together to increase the computing power available to earn cryptocurrencies.
IT security firm ESET researchers said, Recently, they have discovered that a version of the popular game Bug Smasher, installed from Google Play between one and five million times, has been secretly mining the cryptocurrency monero on users’ devices”. The phenomenon is apparently growing.
“More and more,” said David Emm, a security researcher at Kaspersky Lab, a leading supplier of computer security and anti-virus software.
“On mobiles, the processing power available to criminals is less,” but “there is a lot more of these devices, and therefore taking in total, they offer a greater potential,” he added.
“On Android devices, the computational load can even lead to ‘bloating’ of the battery and thus to physical damage to, or destruction of, the device,” said ESET. However, “users are generally unaware” they have been cryptojacked, said Emm.
Cryptojacking affects mostly smartphones running Google’s Android operating system.
Apple exercises more control over apps that can be installed on its phones, so hackers have targetted iPhones less. But Google recently cleaned up its app store, Google Play, telling developers that it will no longer accept apps that mine cryptocurrencies on its platform.
“It is difficult to know which applications to block,” said Pascal Le Digol, the country manager in France for US IT security firm WatchGuard, given that “there are new ones every day.” Moreover, as the miners try to “be as discreet as possible” the apps do not stand out immediately, he added.
There are steps to take to protect one’s phone. Besides installing an antivirus programme, it is important “to update your Android phone” to the latest version of the operating system available to it, said online fraud expert Laurent Petroque at F5 Networks. He also noted that “people who decide to download apps from non-official sources are at more risk of inadvertently downloading a malicious app”.