Network-assessment

Apparently, some people think iPhones aren’t vulnerable to viruses and other types of malware. This simply isn’t true. Sure, the iPhone’s operating system, iOS, has some real security advantages over Android, but that’s not where the story ends. iPhones need to be “jailbroken” if you want to install apps outside of the App Store, which means you essentially have to hack your own device—something Apple most certainly doesn’t want you to do. Android phones and tablets will only allow apps from the Google Play Store by default, but you can change the settings on an Android phone so it will allow outside apps without “rooting,” which is the Android equivalent to an iPhone jailbreak. So, it’s much harder to load outside apps onto an iPhone—and as we know, jailbreaking will void its warranty.

Cyber attackers will often try to get harmful apps onto your phone, through the web, through social media messages, or through email. On an iPhone, they’d usually be forced to go through the App Store. Apps are only allowed into the App Store once Apple has screened and approved them. In the Google Play Store for Android, apps uploaded by developers are accepted by default and only removed if Google discovers that there’s something wrong with them. So, those are two reasons why it’s harder for a cyber attacker to get malware onto an iPhone than onto an Android phone. That said, it’s not impossible. A harmful app may slip into the App Store every so often, but it’s a rare occurrence, which is great news for iPhone owners who fear malware-filled apps. But there is still one kind of malware that iPhone owners should be very, very worried about.

I have an iPhone! What do I need to know?

A lot of the cryptomining malware attackers love uses webpages as well as your phone’s central processing unit (CPU) to make cryptocurrency money like Bitcoin or Ether. If you decide to run cryptomining software on your phone to make cryptocurrency money for yourself or someone else, that’s fine. But when cryptomining is done without the permission of the device owner, that’s when the cryptominer becomes malware. Cryptomining involves using your phone or PC to solve tons of super complicated mathematical problems very quickly, and it’s tough on your CPU. It consumes your electricity, including your battery power, so your phone’s battery will drain away faster when running a cryptominer. Makes sense—haven’t you ever noticed how your phone slows down when it’s running too many apps?

Think about it this way. People are usually happy to invite their friends over to their homes, invite them to sit down and get comfortable, and let them help themselves to food and drink. That is, when they’re in the mood to have guests. But what about when the party is over, and the host no longer wants company? Don’t they have the right to politely ask them to leave? Of course! But imagine if the guests didn’t leave. Imagine if they insisted on eating more, drinking more, sleeping in your bed. Well, cryptomining malware is just the same on your iPhone—it’s the guest that never takes the hint.

If you decide to run an app on your phone, or if you visit a website that says, “we would like to run a cryptominer, is that okay?” and you permit it, that’s a guest you have allowed into your home. If you don’t like an app anymore, you should be able to stop running it and even uninstall it if you’d like. That saves memory and data storage on your phone for things you would rather use. If you don’t want that website to cryptomine on your phone anymore, you should be able to shut it down by closing the website’s tab in your web browser. Some websites like to cryptomine as a way of making money for giving you web content to enjoy. With your consent, cryptomining on your phone with their webpage is fine, just as a guest may eat your nachos and drink your wine in your kitchen if you allow them to.

But if someone breaks into your home to eat up your food without permission, that’s a crime. And they must leave the moment you ask them to, even if they have been invited over in the past. That is your right. Same with web cryptominers. A website can say “reading our webpages requires you to run our cryptominer.” But if you don’t like it, you can read a different website and not run their cryptominer. But a cryptominer running without your knowledge or your permission isn’t just a big no-no—it’s malware. A guest takes up space in your home; a cryptominer takes up your CPU’s and your memory’s ability to do other work. Those are your resources and they should only be used in ways that you would allow.

Well, security researchers have discovered that cyber attackers are using webpages to run cryptomining malware on iPhones more than ever. The default web browser on iPhones is Safari. That’s the web browser that’s already installed on an iPhone before you buy it, and it’s the browser that’s used the most often on an iPhone. There was a whopping 400% surge in web cryptomining malware on iPhones through Safari in the last two weeks of September! Four times as many bad web cryptominers were running in Safari for iOS in late September as in early September. That’s pretty shocking!

Give me the technical details, will ya?

Here are some of the web cryptominers being employed most frequently on iPhones with Safari:

  • Coinhive: Used legitimately by some websites to generate Monero cryptocurrency in exchange for letting a user enjoy their content. Sometimes website visitors would prefer running Coinhive to seeing ads so that the owner of a website can make money. Unfortunately, it seems that Coinhive is used even more frequently so that cyber attackers can make money off of your iPhone without your permission.
  • Dorkbot: Unlike Coinhive, this is malware whenever it is used. It not only makes cryptocurrency, it also downloads other malware and lets cyber attackers run their own computer code on your phone and control it against your will.
  • Cryptoloot: Similar to Coinhive, it asks for a lower percentage of revenue from websites, and its use can be either legit or it can be the actions of a cyber attacker doing something naughty without your permission!
  • Andromeda: Just malware. Aside from generating cryptocurrency, it also allows other malware to be downloaded onto your iPhone—and it can also turn your iPhone into a “zombie” bot. A cyber attacker can make your “zombie” bot iPhone a part of their botnet, which is a network of phones or PCs that a cyber attacker uses to perform other cyber attacks, all without anyone’s permission.
  • Jsecoin: Like Coinhive and Cryptoloot, it can be used for good or evil.
  • Roughted: Sends scams to your phone like fake websites that try to get your passwords. It can also deliver ransomware, which makes you unable to access your files and tries to force you to pay them money to get them back.
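
If you run a website or want to check a page you visit for the dual-use miners named above, here is an added example (not code from the original article) that scans a page's HTML for script tags mentioning Coinhive, Cryptoloot or Jsecoin. Matching on the name alone, the function names and the sample page are assumptions made for the illustration; a hit only tells you a miner is referenced, not whether the visitor was asked for permission.

```javascript
// Added example. The names come from the article's list of web miners that
// can be legitimate or abusive; matching on the name alone is an assumption.
const DUAL_USE_MINERS = ["coinhive", "cryptoloot", "jsecoin"];

// Pull every <script> element out of an HTML string, keeping its src
// attribute (double-quoted, single-quoted or unquoted) and its inline body.
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const srcRe = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const s = srcRe.exec(m[1]);
    const src = s ? (s[1] ?? s[2] ?? s[3]) : null;
    scripts.push({ src, body: m[2].trim() });
  }
  return scripts;
}

// Report each script that references a listed miner, and whether the
// reference is in the script URL or in inline code.
function findMinerScripts(html) {
  const findings = [];
  for (const { src, body } of extractScripts(html)) {
    for (const name of DUAL_USE_MINERS) {
      if (src && src.toLowerCase().includes(name)) {
        findings.push({ miner: name, where: "src", evidence: src });
      } else if (body.toLowerCase().includes(name)) {
        findings.push({ miner: name, where: "inline", evidence: body.slice(0, 60) });
      }
    }
  }
  return findings;
}

// Constructed sample page; hosts use the reserved .invalid TLD and the
// inline variable name is hypothetical.
const SAMPLE_PAGE = `
<html><head>
<script src="https://cdn.example.invalid/lib/CoinHive.min.js"></script>
<script src='/static/analytics.js'></script>
<script>window.cryptolootWorker = true;</script>
<script src=//miner.example.invalid/jsecoin/load.js></script>
</head><body>Article text</body></html>`;

console.log(findMinerScripts(SAMPLE_PAGE));
```
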

If your Safari web browser on your iPhone starts acting sluggish, you may have cryptominer malware to worry about. Try closing Safari, and run an antivirus app on your phone. If that fails, you can factory reset your iPhone, and that will return your device to its original state, fresh and malware-free.


Worked in a variety of IT roles until cybersecurity captured her intrigue after resolving a multitude of different malware problems for clients. Concurrently with computer technology, she enjoys creative writing and even won a few writing contests as a child. Over the years, these interests have segued into a successful blogging career. She enjoys reading novels and biographies, console gaming, lurking in web forums, alternative fashion and listening to jazz, funk, and goth music.
