New Captcha Hidden Miner Unveiled

Users' devices are forced to mine XMR while solving the captcha
13 February 2018   103

Hackers attack users of mobile devices based on Android again.They use well known XMR mining script Coinhive. This time, to keep users on their page longer, they offer them to solve the captcha. 

According to the company Malwarebytes, this scheme scammers have been using active since November last year. Users are being attracked to the malicious website by the ads.

Users are encouraged to enter captcha, which can sometimes be difficult due to the inconvenience of the keyboard of mobile devices. This feature is used by hackers, downloading the processors of their victims for 100% for the Monero mining.

Captcha Miner
Captcha Miner

It is noteworthy that the solution of captcha does not give the desired result - users are simply redirected to the Google homepage.

It is difficult to determine how much Monero currency this operation is currently yielding without knowing how many other domains (and therefore total traffic) are out there. Because of the low hash rate and the limited time spent mining, we estimate this scheme is probably only netting a few thousand dollars each month. However, as cryptocurrencies continue to gain value, this amount could easily be multiplied a few times over.

Malwarebytes Team

Researchers found 5 domains used in the campaign, each of which hosts the same page with the same captcha. According to their estimates, all five pages on average visit 800,000 users a day, being on them for 4 minutes.

FCC Demanded a Miner to Turn Off his Mining Hardware

The FCC concluded that the mining rig was generating spurious emissions and causing harmful interference on T-Mobile’s broadband network
21 February 2018   70

According to the U.S. Federal Communications Commission (FCC) notification, it has received a complaint from T-Mobile with regards to “interference to its 700 MHz LTE network in Brooklyn, New York” during last year. The commission’s agents confirmed that the “radio emissions in the 700 MHz band were emanating from…an antminer s5 bitcoin miner.”

In the notification, the FCC states that ‘the device was generating spurious emissions on frequencies assigned to T-Mobile’s broadband network and causing harmful interference”.

The commission issued a warning to the owner of the mining hardware Victor Rosario. He was not allowed to continue the operation of the device because it caused harmful interference. A violation of the Federal laws cited above and could subject the operator to severe penalties, including, but not limited to, substantial monetary fines, in rem arrest action to seize the offending radio equipment, and criminal sanctions including imprisonment.

According to the FCC, it has not made a determination as to whether or not other Antminer S5s produce disruptive emissions in the 700 MHz band. It also emphasizes that it does not wish to suggest that all Antminer S5 devices are noncompliant but it aware that devices can be modified in a manner that creates harmful interference.