A Reddit user recently discovered that the BlackBerry mobile site was being used for mining Monero from unsuspecting users’ CPUs.
The operator responsible for the BlackBerry mobile site, TCL Communication Technology Holding Ltd., recently became a prominent target for hackers who have exploited the site to implement a cryptocurrency mining script.
The suspicious code was discovered last week by a Reddit user. According to the user, the hackers used the infamous mining script from Coinhive, which mines Monero. The same Reddit user noted that the only affected website from the company was the global BlackBerry mobile site and not region-specific BlackBerry websites.
Coinhive responded in the Reddit thread, confirming that the hacker was able to inject the mining script by exploiting a security flaw in the Magento webshop software. Coinhive apologized for the abuse of its software and noted that the same hacker appears to have used the Magento flaw to compromise a number of other websites as well as the BlackBerry mobile site. Since this discovery, Coinhive has terminated the user’s account for violating its terms and conditions.
Crypto hackers have become a new phenomenon since the rise of bitcoin in 2017. Several large companies and organizations have fallen victim to a cryptocurrency mining script being implemented without their knowledge. While platforms such as Showtime were abused to run the script for the hackers’ benefit, several other websites implemented the script willingly in order to find a revenue stream without having to resort to advertising. Last year, the popular media downloading platform The Pirate Bay was caught running the same Monero mining script, in what it later confirmed to be an experiment.
However, these websites are far from the only ones to use cryptocurrency mining scripts. A report published in September 2017 by RiskIQ confirmed that over 1,000 websites were actively running mining scripts at the time.
Shortly after this report was published, the content delivery network giant Cloudflare Inc. became one of the very first major service providers to take steps against the questionable practice, banning any website that was discovered to be running a cryptocurrency mining script.
In October last year, another new phenomenon emerged among crypto hackers, as they began embedding the mining script in Android-based apps. The novel technique has since caused the attack surface to grow significantly. In fact, over the last weekend, a security researcher discovered over 291 different Android-based apps carrying a Monero mining script. The apps were mostly from third-party Android stores, and despite their different names, the 291 apps appeared to share the same concept.
The new phenomenon has shifted the types of users at risk of falling victim to harmful cryptocurrency mining scripts. Earlier, mostly large companies and organizations were targeted as they had a larger audience base, meaning a larger pool of CPUs to draw and profit from. However, using Android apps has now given hackers access to an entirely new range of victims, and requires significantly less management than targeting a large organization’s website.
Android users seem to carry the most risk. To minimize damage, experts have recommended that Android users practice safe habits when it comes to internet usage and especially app downloading. Android users have been advised to only download verified apps from verified sources, to update apps regularly for security updates, and to constantly monitor their device for any unusual activity that strains the CPU.