SecurityWeek

Cybercrime

Crypto-Miners Slip Into Google Play

While Google doesn’t allow crypto-currency mining applications in Google Play, some developers have found a way to push such programs to the storefront: by hiding their true purpose.

For more than a year, malicious crypto-mining has spiked globally, fueled by massive increases in crypto-currency prices, and mobile users weren’t spared either, especially those on Android, the more popular mobile operating system at the moment.

Recently, SophosLabs security researchers discovered no fewer than 25 crypto-mining applications in Google’s official application store for Android, and revealed that over 120,000 users might have downloaded and installed them. The programs are disguised as games, utilities and educational apps.

Most of the offending applications, the researchers say, include embedded code from Coinhive, a JavaScript implementation to mine for the Monero crypto-currency. Designed to use a device’s CPU for the mining process, instead of a GPU, Coinhive is great for covert mining on mobile devices.

With only a few lines of code, mining capabilities can be added to any app that uses a WebView embedded browser, the researchers note.

“Monero has been the authors’ choice of crypto-currency for all these apps as it offers sufficient privacy to keep the source, destination, and the amount mined hidden. These apps use CPU throttling to limit CPU usage by mining, and thus avoid the usual pitfalls: device overheating, high battery drain, and overall device sluggishness,” SophosLabs explains.

Of the 25 applications, 11 were found to be preparation apps for standardized tests in the United States, such as the ACT, GRE, or SAT. Published by a single developer account (Gadgetium), the apps contain an HTML page that implements the Coinhive-based miner.

The apps would enable JavaScript, load the HTML page using a WebView, and then start the miner using a wallet value retrieved from the resources. Most apps used scripts hosted on coinhive.com, but two (co.lighton and com.mobeleader.spsapp) were observed hosting the mining scripts on their own servers.

One of the applications (de.uwepost.apaintboxforkids) was using the popular open-source CPU miner XMRig, which was designed to mine several crypto-currencies, Monero included.
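A static triage check for the two patterns described above (a Coinhive page loaded in a JavaScript-enabled WebView, and a bundled XMRig build) could look like the following. This is an added example, not code from SophosLabs or the article; the verdict names, helper functions and sample archives are constructed for illustration.

```python
import io
import re
import zipfile

# Indicators named in the article: the Coinhive library/domain and the XMRig miner.
MINER_RE = re.compile(rb"coinhive|xmrig", re.IGNORECASE)
# WebSettings.setJavaScriptEnabled is the Android call that turns on JavaScript
# in a WebView; method names are stored as plain strings inside classes*.dex.
JS_ENABLE = b"setJavaScriptEnabled"
WEB_ASSET = (".html", ".htm", ".js")
SCANNED = WEB_ASSET + (".dex", ".so")


def triage_apk(apk_bytes):
    """Scan an APK (a ZIP archive) and return (verdict, webview_js, refs)."""
    webview_js, refs = False, []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            lower = name.lower()
            if not lower.endswith(SCANNED):
                continue
            data = apk.read(name)
            if lower.endswith(".dex") and JS_ENABLE in data:
                webview_js = True
            # Match on the file name as well as the content.
            hits = MINER_RE.findall(name.encode() + b"\n" + data)
            refs += [(name, h) for h in sorted({x.lower().decode() for x in hits})]
    in_web_asset = any(n.lower().endswith(WEB_ASSET) for n, _ in refs)
    if in_web_asset and webview_js:
        verdict = "webview-miner"   # the WebView pattern the article describes
    elif refs:
        verdict = "miner-string"    # e.g. a native XMRig build
    else:
        verdict = "clean"
    return verdict, webview_js, refs


def build_apk(files):
    """Build a constructed in-memory APK from {path: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in files.items():
            z.writestr(path, data)
    return buf.getvalue()


# Constructed samples, not real apps or real DEX/ELF files.
WEB_MINER = build_apk({"classes.dex": b"dex\n035\x00 setJavaScriptEnabled loadUrl",
                       "assets/index.html": b'<script src="https://coinhive.com/CONSTRUCTED.js"></script>'})
NATIVE_MINER = build_apk({"classes.dex": b"dex\n035\x00",
                          "lib/arm64-v8a/libnative.so": b"\x7fELF constructed XMRig banner"})
CLEAN = build_apk({"classes.dex": b"dex\n035\x00 setJavaScriptEnabled",
                   "assets/help.html": b"<h1>Help</h1>"})
```

An app that fetches a renamed mining script from its own server, with no such string inside the package, will not match; that case needs network or dynamic analysis.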

Google was notified of the behaviour of these applications in August and has already removed some of them, but many continue to be available for download in Google Play.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
