Cybercriminals now cryptojacking mobile phones

Cryptojacking occurs when a user visits a website infected with software which then prompts the device to mine for cryptocurrency.

SINGAPORE - Beware! Your mobile phone might actually be helping cybercriminals mine for cryptocurrency like Bitcoin, even if you were diligent enough not to download suspicious, malware-laden apps.

Cybersecurity experts are warning against the rising threat of cryptojacking on mobile devices. Cryptojacking occurs when a user visits a website infected with software which then prompts the device to mine for cryptocurrency.

Cybersecurity companies Symantec and ESET released two reports in March showing an increase in mobile cryptojacking, in which hackers slip code into websites and online ads that then makes use of the phone's processor when a user opens the infected website in the mobile browser.

According to Symantec's latest Internet Security Threat Report released on Tuesday (March 27), Singapore ranks sixth as a victim of cryptomining attacks in the Asia-Pacific region, and 25th globally.

The report analysed data from 126.5 million sensors worldwide in 157 countries and territories.

Symantec saw a 34,000 per cent jump in in-browser mining globally last year, when cybercriminals rushed to take advantage of the cryptocurrency craze. Cryptominers were included for the first time in the Symantec report as a cybersecurity threat, reflecting their growing use as another tool in a cybercriminal's arsenal.

"There has been a shift in attack groups away from ransomware - which were behind some of the major attacks last year - to cryptomining," said Sherif El-Nabawi, senior director for systems engineering at Symantec Asia-Pacific.

Unlike crypto-mining malware, which requires a user to install an app or software onto their mobile phone, cryptojacking occurs the moment a user browses an infected website on the phone.

This makes it easier to infect many users, said Mr El-Nabawi.

"It's a game of mass - the more you infect, the more money you generate."

One mobile phone or one computer running 24 hours "might generate anything between 1 to 25 cents."

"But if you multiply that by 100,000 infected devices, you get $25,000 overnight," he said.

Unlike other crypto-mining malware, which targets well-known cryptocurrencies such as Bitcoin and Ethereum, cryptojacking software favours Monero, as it requires less computational power to mine and is also less traceable.

"This is a problem that won't go away anytime soon," said Mr El-Nabawi, "unless there is a decrease in cryptocurrency values, which is something we don't expect".

Signs of cryptojacking include a mobile phone performing sluggishly and its battery draining quickly.

In a separate report, cybersecurity firm ESET said coinminer software detection spiked in January this year, coinciding with an influx of miners due mostly to the massive jump in Bitcoin's value to a high of almost US$20,000 ($26,170) last December.

"Globally, people are still interested and investing in cryptocurrency. As long as this continues, the value of these virtual currencies seems likely to continue to increase, so cryptojacking will continue as cybercriminals see this as easy money," said ESET senior research fellow Nick FitzGerald.