Hackers secretly mine cryptocurrency with Google Play Store apps on Android phones
February 17, 2018
Sophos, a British security software and hardware company, has revealed in a statement 19 Android apps in the Google Play Store that secretly mine the cryptocurrency Monero.
Monero is an open-source cryptocurrency created in April 2014 that focuses on privacy and decentralization and runs on Windows, macOS, Linux, Android, and FreeBSD.
The security firm has published a 13-page report, highlighting that it found apps containing “embedded CoinHive-based miners” in Google’s app store at the start of 2018.
One of the apps, Algorithms Data Structures C Beginner Tutorial App, was installed somewhere between 10,000 and 50,000 times before it was removed by Google.
Because the malicious “CoinHive” code is well hidden, criminals can use it to mine Monero on users’ devices without them having any idea that it’s happening. The only clue is that their device might slow down and become warm because of the strain on the CPU. However, in some cases the hackers employ CPU throttling to keep the device from heating up and so conceal the miner’s presence.
The researchers found the malicious JavaScript code was typically hidden in an HTML file in the app’s ‘assets’ folder. The apps would then run these scripts in a hidden web browser within the app in order to mine Monero.
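A defender can triage an APK for this pattern by treating it as a ZIP archive and checking the web files under its assets folder. The sketch below is an added example, not code from Sophos or the report; the indicator patterns are assumptions based on CoinHive's public JavaScript API, and the sample APK and its host name are constructed.

```python
import io
import re
import zipfile

# Patterns are assumptions drawn from CoinHive's public JavaScript API,
# not indicators taken from the Sophos report.
INDICATORS = {
    "coinhive_script": re.compile(rb"coinhive(\.min)?\.js", re.I),
    "coinhive_miner_object": re.compile(rb"CoinHive\.(Anonymous|User)\s*\(", re.I),
    "throttle_option": re.compile(rb"throttle\s*:\s*0?\.\d+", re.I),
}
WEB_SUFFIXES = (".html", ".htm", ".js")


def scan_apk(apk):
    """Return {asset_path: [indicator names]}; `apk` is a path or binary file object."""
    findings = {}
    with zipfile.ZipFile(apk) as zf:  # an APK is a ZIP archive
        for info in zf.infolist():
            name = info.filename
            if not name.startswith("assets/"):
                continue
            if not name.lower().endswith(WEB_SUFFIXES) or info.file_size > 5 * 2**20:
                continue  # only reasonably sized web content is inspected
            data = zf.read(info)
            hits = [label for label, rx in INDICATORS.items() if rx.search(data)]
            # A throttle setting alone is too generic; require a CoinHive match.
            if any(h.startswith("coinhive") for h in hits):
                findings[name] = hits
    return findings


def build_sample_apk():
    """Constructed sample: a minimal ZIP laid out like an APK, for offline runs."""
    miner_page = (
        '<html><script src="https://example.invalid/lib/coinhive.min.js"></script>'
        "<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER',"
        " {throttle: 0.5}); m.start();</script></html>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assets/www/index.html", miner_page)
        zf.writestr("assets/help.html", "<html>animation = {throttle: 0.5}</html>")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(scan_apk(build_sample_apk()))
```

A throttle value on a flagged page is worth noting during review, since throttling is how a miner limits the heat and slowdown that would otherwise give it away.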
The Sophos report also identifies another new way cryptocurrency is mined on Android devices, using “third-party mining modules” such as CoinMiner. Researchers found these modules in tampered versions of popular applications on third-party websites, but also in some apps on the Google Play Store. These have since been removed by Google.
“The rise of CoinHive and CoinMiner comes after the recent discovery of Loapi, which masquerades as popular antivirus apps or an adult content app,” the report explains. “It downloads and installs several modules, each of which perform a different malicious action such as sending device information to a remote server, stealing SMS, fetching advertisements, crawling webpages, creating a proxy and mining Monero.”
Sophos’ report follows Malwarebytes’ recent discovery of malware that can mine cryptocurrency on Android devices without any apps even being installed. The security company found a number of websites that could mine Monero providing a user successfully filled in a CAPTCHA.
To avoid falling victim to crypto mining, Sophos recommends avoiding installing apps from third-party app stores and, because some malware evidently manages to slip through the net on the Play Store, it also advises installing its own Mobile Security app for extra protection.