Security researchers have uncovered a scam by hackers who have managed to hijack mobile devices using the Android operating system.
The purpose of this hack is to force the device to mine for the cryptocurrency Monero. This hacking has been in operation for several months reported researchers from Malwarebytes with the first instance tracing back to November 2017.
The malicious campaign works by redirecting users to suspicious web pages which are able to perform crypto mining from inside the browser by utilising the processing power of the device to generate the currency.
Users are greeted with a CAPTCHA to answer to prove they are not a bot and in fact human.
The displayed message reads, “Your device is showing suspicious surfing behaviour. Please prove that you are human by solving the captcha. Until you verify yourself as human, your browser will mine the Cryptocurrency Monero for us in order to recover the server costs incurred by bot traffic.”
While the CAPTCHA code is left unsolved the web page runs continuous crypto jacking scripts that will grab all the power from the processor to mine, over a prolonged amount of time this can damage the device.
Malwarebytes lead malware intelligence analyst, Jerome Segura said in a recent blog post, “Until the code (w3FaSO5R) is entered and you press the Continue button, your phone or tablet will be mining Monero at full speed, maxing out the device’s processor.”
Upon entering a successful code, the user is directed to the standard Google homepage.