Sophos, a British security software and hardware company in a statement revealed 19 Android apps that secretly mine the cryptocurrency Monero in the Google Play Store.
Monero is an open-source cryptocurrency created in April 2014 that focuses on privacy and decentralization that runs on Windows, macOS, Linux, Android, and FreeBSD.
The security firm has published a 13-page report, highlighting that it found apps containing “embedded CoinHive-based miners” in Google’s app store at the start of 2018.
One of the apps, Algorithms Data Structures C Beginner Tutorial App, was installed somewhere between 10,000 and 50,000 times before it was removed by Google.
Because the malicious “CoinHive” code is well hidden, criminals can use it to mine Monero on users’ devices without them having any idea that it’s happening. The only clue is that their device might slow down and become warm, because of the strain on the CPU. However, in some cases the hackers employ CPU throttling to prevent heating up of the device and conceal its presence.
The Sophos report also identifies another new way cryptocurrency is mined on Android devices, using “third-party mining modules” such as CoinMiner. Researchers found these modules in tampered versions of popular applications on third-party websites, but also in some apps on the Google Play Store. These have since been removed by Google.
“The rise of CoinHive and CoinMiner comes after the recent discovery of Loapi, which masquerades as popular antivirus apps or an adult content app,” the report explains. “It downloads and installs several modules, each of which perform a different malicious action such as sending device information to a remote server, stealing SMS, fetching advertisements, crawling webpages, creating a proxy and mining Monero.”
Sophos’ report follows Malwarebytes recent discovery of malware that can mine cryptocurrency on Android devices without any apps even being installed. The security company found a number of websites that could mine Monero providing a user successfully filled in a CAPTCHA.
To avoid falling victim to crypto mining, Sophos recommends avoiding installing apps from third-party app stores and, because some malware evidently manages to slip through the net on the Play Store, it also advises installing its own Mobile Security app for extra protection.