1. Home
  2. Hackers target smartphones to mine cryptocurrencies

Hackers target smartphones to mine cryptocurrencies

Agencies
August 23, 2018

Paris, Aug 23: Has your smartphone suddenly slowed down, warmed up and the battery drained down for no apparent reason? If so, it may have been hijacked to mine cryptocurrencies.

This new type of cyberattack is called "cryptojacking" by security experts.

It "consists of entrapping an internet server, a personal computer or a smartphone to install malware to mine cryptocurrencies," said Gerome Billois, an expert at the IT service management company Wavestone.

Mining is basically the process of helping verify and process transactions in a given virtual currency. In exchange miners are now and then rewarded with some of the currency themselves.

Legitimate mining operations link thousands of processors together to increase the computing power available to earn cryptocurrencies.

Mining bitcoin, ethereum, monero and other cryptocurrencies may be very profitable, but it does require considerable investments and generates huge electricity bills.

But hackers have found a cheaper option: surreptitiously exploiting the processors in smartphones.

To lure victims, hackers turn to the digital world's equivalent of the Trojan horse subterfuge of Greek mythology: inside an innocuous-looking app or programme hides a malicious one.

The popularity of games makes them attractive for hackers.

"Recently, we have discovered that a version of the popular game Bug Smasher, installed from Google Play between one and five million times, has been secretly mining the cryptocurrency monero on users' devices," said researchers at IT security firm ESET.

Growing number of attacks

The phenomenon is apparently growing.

"More and more mobile applications hiding Trojan horses associated to a cryptocurrency mining programme have appeared on the platforms in the last 12 months," said David Emm, a security researcher at Kaspersky Lab, a leading supplier of computer security and anti-virus software.

"On mobiles the processing power available to criminals is less," but "there is a lot more of these devices, and therefore taking in total, they offer a greater potential," he added.

But for smartphone owners, the mining is at best a nuisance, slowing down the operation of the phone and making it warm to the touch as the processor struggles to unlock cryptocurrency and accomplish other task.

At worst, it can damage the phone.

"On Android devices, the computational load can even lead to 'bloating' of the battery and thus to physical damage to, or destruction of, the device," said ESET.

However, "users are generally unaware" they have been cryptojacked, said Emm.

Cryptojacking affects mostly smartphones running Google's Android operating system.

Apple exercises more control over apps that can be installed on its phones, so hackers have targetted iPhones less.

But Google recently cleaned up its app store, Google Play, telling developers that it will no longer accept apps that mine cryptocurrencies on its platform.

"It is difficult to know which applications to block," said Pascal Le Digol, the country manager in France for US IT security firm WatchGuard, given that "there are new ones every day."

Moreover, as the miners try to "be as discreet as possible" the apps do not stand out immediately, he added.

How to save your phone

There are steps to take to protect one's phone.

Besides installing an antivirus programme, it is important "to update your Android phone" to the latest version of the operating system available to it, said online fraud expert Laurent Petroque at F5 Networks.

He also noted that "people who decide to download apps from non-official sources are at more risk of inadvertently downloading a malicious app".

Defending against cyberattacks of all kinds is "a game of cat and mouse", said Le Digol at WatchGuard. "You need to constantly adapt to the evolution of threats."

In this case he said "the mouse made a large leap", said Le Digol, adding cryptojacking could evolve to other forms in the future to include all types of connected objects.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
January 16,2020

Claiming that e-commerce giants like Amazon import as much as 80 per cent of the items sold on their platforms, small manufacturers' body has said that their business models do not benefit local industry and are creating jobs of delivery boys only.

"Neither manufacturers nor traders are getting any benefit from the business models of Amazon and Flipkart because they largely import their products from China and Korea and sell here. Nearly 80 per cent of their products are imported," said Anil Bhardwaj, Secretary General, Federation of Indian Micro and Small & Medium Enterprises (FISME).

Bhardwaj said that the global e-commerce players generally source and sell products through their own preferred suppliers and as a result a large number of local manufacturers and traders get crowded out.

He listed out deep discounting and buying products from preferred companies as unfair practices.

"Even if they buy products from local suppliers the commission charged is very high," Bhardwaj said adding that the issues related to unfair practices have been raised with Commerce Ministry on multiple occasions.

FISME maintains that the technology-driven retail is way forward and one cannot be oblivious of the benefits it brings to consumers but at the same time the local industry can also not be ignored given its role in job creation.

"If both traders and local manufacturers are crowded out then how would the local industry survive and employment be generated?" asked Bhardwaj.

As Amazon Founder and CEO Jeff Bezos is currently on his three-day visit to India, the local traders are up in arms against the "unfair" trade practices of the tech giant. Delhi-based Confederation of All India Traders (CAIT) has launched a countrywide protest against the company and has organised protests across 300 cities.

In a setback to Amazon and Walmart-backed Flipkart, the fair market watchdog Competition Commission of India (CCI) has ordered probe into the business operations of both the companies on multiple counts including deep-discounts and exclusive tie-up with preferred sellers.

"For the first time some concrete step has been taken against Amazon and Flipkart who are continuously violating the FDI policy in indulging in a vicious racket of controlling and monopolising not only the e-commerce but even the retail trade as well," CAIT National Secretary General Praveen Khandelwal said after the CCI order.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
March 7,2020

New Delhi, Mar 7: The Union government has issued a Global Invite for Expression of Interest for disinvestment in Bharat Petroleum Corporation Limited (BPCL) from prospective bidders with a minimum net worth of $10 billion as of Saturday.

The EoI submissions can be made till May 2, whereas investor queries will be entertained till April 4.

Another condition pertains to a maximum of four members are permitted in a consortium, and the lead member must hold 40 per cent in proportion. Other members of the consortium must have a minimum $1 billion net worth.

The EOI allows changes in the consortium within 45 days, though the lead member cannot be changed.

The GoI proposes to disinvest its entire shareholding in BPCL comprising 1,14,91,83,592 equity shares held through the Ministry of Petroleum and Natural Gas, which constitutes 52.98 per cent of BPCL's equity share capital, along with the transfer of management control to the strategic buyer (except BPCL's equity shareholding of 61.65 per cent in Numaligarh Refinery Limited (NRL) and management control thereon).

The shareholding of BPCL in NRL will be transferred to a Central Public Sector Enterprise operating in the oil and gas sector under the Ministry and accordingly is not a part of the proposed transaction.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
January 10,2020

Indian enterprises were flooded with a whopping 14.6 crore malware threats in 2019 - a growth of 48 per cent (year-on-year) compared to 2018, a new report said on Friday.

Manufacturing, BFSI (banking, financial services and insurance), education, healthcare, IT/ITES, and the government were the most at-risk industries in the country, said the report from Seqrite, the enterprise arm of Pune-based IT security firm Quick Heal Technologies.

Interestingly, almost a quarter (23 per cent) of the threats were identified through 'Signatureless behaviour-based' detection by Seqrite, indicating how a growing number of cybercriminals were deploying new or previously unknown threat vectors to compromise enterprise security.

"With the latest Seqrite annual threat report, we want to empower CIOs, CISOs, business leaders and all key public stakeholders with the insights they need to combat the growing complexity of the threat landscape," said Sanjay Katkar, Joint Managing Director and CTO, Quick Heal Technologies.

The most prominent trend was the drastic increase in the volume, intensity, and sophistication of cyber-attack campaigns targeting Indian enterprises in 2019.

The rapid integration of IoT devices, BYOD (bring your own device), and third-party APIs into enterprise networks has created newer security vulnerabilities that might go unnoticed until a major breach occurs.

Threat researchers at Seqrite observed several large-scale advanced persistent threats (APT) attacks deployed against organisations in the government sector.

"The entry of nation-states and organised cybercrime cells into the fray is expected to add more complication to this situation and will require Indian government bodies and corporate enterprises to shore up their cyber defence strategies in 2020 and beyond," the report noted.

More alarming, however, was the continued lack of security awareness amongst enterprises and government organisations.

"Unsecured Remote Desktop Protocol (RDP) and Server Message Block (SMB) protocols continued to be targeted through brute-force attacks," said the report.

Spear phishing attack campaigns leveraging Office exploits and infected macros were also used extensively by cybercriminals to gain access to enterprise networks and steal critical data.

"India's digital journey depends on ensuring robust cybersecurity for all stakeholders within the enterprise ecosystem," said Katkar.

The sharp spike should be a cause of concern for CIOs and CISOs in the country, especially given the growing digital penetration within their enterprise networks.

"With network vulnerabilities and potential entry points increasing at a rapid pace, threat actors are expected to leverage artificial intelligence (AI) capabilities to power their malware campaigns in the future to capitalise on newer attack vectors," the report added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.