Android Users Targeted by Crypto Mining Campaign

Last updated June 14, 2021
Written by:
Gabriela Vatu

Android users are becoming victims of a drive-by cryptocurrency mining campaign, with millions of devices being affected by what appears to be the first large operation of this kind.

In the middle of 2017, Google announced there were over 2 billion active Android devices across the world. With such a large pool to pick from, it's not exactly a surprise that hackers are looking to make a pretty penny off of users. The fact that security solutions are seldom installed on mobile devices also helps the attackers' cause.

This time around, the researchers at Malwarebytes have discovered that malicious apps and sites with malvertising are currently redirecting millions of users to websites that were specifically set up to mine Monero, a popular cryptocurrency. Although Monero is not nearly as popular or valuable as Bitcoin, the original cryptocurrency, it has the advantage of offering complete privacy to all transactions, making it a rather enticing option.

It seems that in a single day, five crypto mining websites discovered by Malwarebytes got some 800,000 visits. With the campaign being active since at least November, that's a lot of hits.

Android users are targeted again

Android users are targeted again

Once redirected, the phone starts mining Monero at full speed, which means your phone's processor will max out. Cryptocurrency mining is a heavy job even for a computer, and that much more for a mobile device that isn't made to carry such jobs. Users will have a solve a captcha once they are redirected, to verify they are human and not bots. Until the code is typed in, the mining continues.

"While Android users may be redirected from regular browsing, we believe that infected apps containing ad modules are loading similar chains leading to this crypto mining page. This is unfortunately common in the Android ecosystem, especially with so-called “free” apps," the researchers note.

The five domains researchers identified and you should really keep away from are recycloped.com, rcyclmnr.com, rcylpd.com, rcyclmnrepv.com, and rcyclmnrhgntry.com. They also believe that there are more domains out there, that they have yet to catch, so you better be watchful of what you do online. A first good step is to never install apps that don't come from the Google Play Store, and even there, to be wary of what you add to your phone because even Google's protections may fail from time to time.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: