Has your smartphone suddenly been delayed, warmed up and the battery drained without any apparent reason? If so, it may be hijacked to mystify cryptocurrencies.
This new type of cyber attacks is called "cryptojacking" by security experts.
It "consists of catching an internet server, a PC or a smartphone to install malware for cryptocurrencies," says Gerome Billois, an expert at IT service management Wavestone.
Mining is in fact the process of verifying and processing transactions in a given virtual currency. In return, miners are now and then rewarded with part of the currency itself.
Legitimate mining operations connect thousands of processors to increase the available computing power to earn cryptocurrencies.
Mining bitcoin, ether, mono and other cryptocurrencies can be very profitable, but it requires significant investments and generates huge electricity bills.
But hackers have found a cheaper option: stealthily exploiting the processors in smartphones.
In order to lure victims, hackers turn to the digital equivalent of the Trojan horse in Greek mythology: in an innocent-looking app or program, a malicious person is hidden.
The popularity of games makes them attractive to hackers.
"We recently found out that a version of the popular Bug Smasher game, installed between one and five million times from Google Play, has secretly mineralized the cryptocurrency monero on users' devices," said researchers from IT security firm ESET .
Apparently the phenomenon seems to grow.
"More and more mobile applications that hide Trojan horses associated with a cryptocurrency mining program have appeared on the platforms in the past 12 months," said David Emm, a security researcher at Kaspersky Lab, a leading provider of computer security and antivirus software.
"On mobile devices, the processing capacity available to criminals is less," but "there are many more of these devices, and therefore they have a greater potential in total," he added.
Google cleans house
But for smartphone users, mining is at best annoying, which slows down the operation of the phone and the touch gets hot, because the processor struggles to unlock cryptocurrency and perform other tasks.
In the worst case it can damage the phone.
"On Android devices, the computational load can even lead to a" bloated feeling "of the battery and thus to physical damage to or destruction of the device," ESET said.
"Users are generally unaware" they are cryptojacked, Emm said.
Cryptojacking mainly concerns smartphones with the Android operating system from Google.
Apple exercises more control over apps that can be installed on its phones, so hackers have listened to iPhones less.
But Google recently cleaned up its app store, Google Play, and told developers that they no longer accept apps that are exploiting cryptocurrencies on their platform.
& # 39; Cat and mouse & # 39; game
"It is difficult to know which applications should be blocked," said Pascal Le Digol, the country manager in France for the American IT security company WatchGuard, since "there are new ones every day".
In addition, if the miners try to be "as discrete as possible", the apps do not fall immediately, he added.
Steps are needed to secure someone's phone.
In addition to installing an antivirus program, it is important to "update your Android phone" to the latest version of the available operating system, said online fraud expert Laurent Petroque at F5 Networks.
He also noted that "people who decide to download apps from unofficial sources are at greater risk of accidentally downloading a malicious app".
Defending against all kinds of cyber attacks is "a game of cat and mouse", said Le Digol of WatchGuard.
"You have to constantly adapt to the evolution of threats."
In this case, he said "the mouse made a big leap," Le Digol said, and adding cryptojacking could evolve into other forms in the future to include all types of connected objects.