Content, Content, Security Program Controls/Technologies, Distributed Workforce

Mobile Cryptojacking: Here’s What MSSPs Need to Know

Phone in the dark

Cryptomining hackers are increasingly targeting smartphones and tablets, according to an analysis of 100,000 sampled devices conducted by enterprise mobile security and data management company Wandera.

The Wandera analysis revealed the number of mobile devices connected to cryptojacking applications and websites grew 287 percent between October and November. Also, the analysis showed that nearly all of the exposed end users were unaware of a cryptojacking script running on their smartphone or tablet.

In addition, 29 percent of organizations had at least one mobile device running a cryptojacking script and more than 1 percent of corporate devices ran a cryptojacking script at some point last month, the Wandera analysis indicated.

What Is Cryptojacking?

Cryptojacking enables cybercriminals to mine victims' computers for Bitcoin, Ethereum and other cryptocurrency. It involves using the power of a victim's computer to process digital currency; meanwhile, a computer that runs cryptojacking scripts may overheat and become permanently damaged.

Now, hackers are incorporating cryptojacking scripts into mobile applications and websites. If mobile device users download compromised apps or visit compromised sites, they risk unknowingly installing cryptojacking scripts on to their smartphones and tablets.

The most common sites hosting cryptojacking scripts on mobile are streaming services, followed by those hosting adult content, according to Wandera. Furthermore, mobile devices have been shown to increase to more than 68°F (20°C) hotter than the recommended maximum temperature due to cryptojacking scripts.

Cryptojacking scripts are easy to distribute, lurk in the background of a victim's mobile device and do not require cybercriminals to compromise a device's security, Wandera said. As such, the number of mobile cryptojacking attacks appears likely to increase in the foreseeable future.

How Can MSSPs Stop Cryptojacking Attacks?

Cryptojacking can put a drain on an organization's resources and employees' mobile devices. Fortunately, MSSPs that understand the dangers associated with cryptojacking can help organizations address this rapidly emerging cyber threat.

To mitigate the effects of cryptojacking attacks, MSSPs can offer services that deliver both device and network security. That way, MSSPs can make it easy for organizations to block cryptojacking scripts from executing without preventing mobile device users from accessing apps and websites.

MSSPs also should educate customers about cryptojacking. By teaching customers how to identify malicious apps and websites, MSSPs can further safeguard organizations against cryptojacking and other types of cyberattacks.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.