Home > Mobile Threats > Android > Android Miner Virus (Coin Miner) – How to Remove It from Your Mobile

Android Miner Virus (Coin Miner) – How to Remove It from Your Mobile

How-to-Stop-Coinhive-Miner-from-Using-PC-ResourcesThis article has been created in order to help explain what is Coin Miner mobile malware and how to remove it from your Android device effectively.

Mobile devices hashing for cryptocurriencies is something that is out of a science fiction movie. However, an experiment did take place using old Samsing Galaxy smartphones to mine for crypto. The fact that smartphones hashing power can also be used for mining cryptocurrency such as Bitcoin has brought mining malware to mobile devices as well, hiding behind malicious applications on the Google PlayStore. According to Trend Micro, those apps were advertised as legitimate applications seem helpful. In reality however, they begin to use the mobile device’s resources in order to mine for cryptocurrencies, such as Bitcoin and Monero as well as multiple altcoins. Since they both belong to the Coin Miner family of viruses, if you have seen your smartphone to become slow, and freeze at times, recommendations are to read this article and learn how to remove the Android Coin Miner malware effectively from your computer.

Threat Summary

Name Android Miner Virus
Type Android Miner Malware
Short Description Uses JavaScript to mine for cryptocurrencies on your smartphone or tablet Android device.
Symptoms A “lid” named folder, created on your Android device’s flash memory.
Distribution Method Via applications uploaded on Google Play store, containing malicious JavaScript code..
Detection Tool See If Your System Has Been Affected by malware


Malware Removal Tool

User Experience Join Our Forum to Discuss Android Miner Virus.

Android Miner Virus How Did I Get It

There are several variations of the Android Miner family of viruses, most of them using the Coinive JavaScript to connect the victim’s Android device to a Coinhive miner account. The detections are known to be the following, according to Trend Micro’s report:


There is one way that these apps use to slither onto your computer – false advertising. They are reported to pretend to be legitimate applications that can help improve your smartphone experience In one way or another. The following applications have been flagged since the first detection, but malware researchers feel convinced that there may be more of those types:

Source: Trend Micro

Android Miner Virus – Analysis

The way these apps work is after you download them and install them on the Android device, they trigger the Coinhive JavaScript library code:

Source: Trend Micro

This code connects your device to a mining pool for the crypto-currency Monero. This results in the miner malware being able to mine for the crypto-currency BitCoin. This may result in the cryptocurrency being mined to the account of the cyber-criminals at your smartphone’s expense. The cyber-crooks strongly rely on infecting as many devices as possible, because unlike with computers, on smartphones you cannot have the possibility to check which process is using your GPU and CPU to mine. They also expect to infect a lot of devices, because the hashing power strongly increases, so Android users, beweare.

Some of those miners do not only connect to big cryptocurrencies, but use easily minable ones, such as:

  • Magicoin
  • Feathercoin
  • VertCoin
  • MiriyadCoin
  • Unitus

The mining procedure also results in a folder created on the Android device’s flash memory. The mining operaion can generate a lot of money for cyber-crooks, especially if a lot of devices are infected. Researchers believe that such applications and malware is only likely to increase by the numbers in the future.

Remove Android Miner Virus from Your Android

In order to remove this malware, a simple deletion of the app won’t cut it, because a JavaScript code is created on your Android device. This results in the malware being able to stay persistent on your device, even after you remove the app. This is why we have created the removal instructions down below.

Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

More Posts - Website

Follow Me:

Preparation before removal of malware.

Before starting the actual removal process, we recommend that you do the following preparation steps.

  • Turn off your phone until you know how bad is the virus infection.
  • Open these steps on another, safe device.
  • Make sure to take out your SIM card, as the virus could corrupt it in some rare cases.

Step 1: Shut Down your phone to win some time

Shutting down your phone can be done by pressing and holding its power button and choosing shut down.

In case the virus does not let you do this, you can also try to remove the battery.

In case your battery is non-removable, you can try to drain it as fast as possible if you still have control over it.

Notes: This gives you time to see how bad the situation is and to be able to take out your SIM card safely, without the numbers in it to be erased. If the virus is on your computer, it is espeically dangerous to keep the sim card there.

Step 2: Turn on Safe Mode of your Android device.

For most Android devices, switching to Safe Mode is the same. Its done by following these mini-steps:

1.Turn on your device and hold the power button until you see the following menu:

2.Tap on Safe Mode Icon to reset your phone to Safe Mode, like shown below:

3.When you turn on your phone, you will see the letters “Safe Mode” written on the side, bottom or other corners of the screen. Your phone will also be in Airplane mode. This will help avoid any viruses communicating with the hacker.

Step 3: Eliminate the App that Your Believe is the Virus

Usually Android viruses get masked in the form of applications. To eliminate apps, follow these mini-steps:

1.Swipe down from the top of your phone and locate the Settings symbol and tap on it.

2.When you open the Settings menu, you should be able to locate the control center of all your App Permissions. It should look something like the following:

3.Now if you know which the virus or adware app is, you should locate it and tap on it:

4.When you enter the app, you will see two options – to Force Stop it and to Uninstall it. Make sure to first Force Stop it so that your phone is safe from any tripwire tactics of the app that may destroy it an then tap on Uninstall to remove it.

5.Now if you are sure that the virus or adware app is removed, you can hold the Power button and tap on Restart:

Step 4: Find Hidden Virus Files on Your Android Phone and Remove Them

1.To find hidden files manually (In case you know where the virus files are), you can use Safe Mode to go to where your Files are actually located. Usually, this is a folder, named “My Files” or something approximate to this:

2.There you should be able to locate all of your files and all of the folders:

Simply locate the virus and hold-tap on the virus file to delete it.

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree