Cryptocurrency Miners on Google Play Posing as Apps

Cryptocurrency miners have successfully sneaked into the Google Play store. Researchers have found apps with malicious capabilities directed towards cryptocurrency mining. The apps were found to use dynamic JavaScript loading in combination with native code injection to bypass detection by security vendors.

Trend Micro researchers have detected these apps as Androidos_JSMiner and Androidos_CPUMiner.

These are not the first cases of cryptocurrency miners targeting mobile devices and app stores. An earlier finding of this kind is a miner detected in 2014, designed to mine Dogecoins and Litecoins for Bitcoin payout. The malware was dubbed Androidos_Kagecoin.

Androidos_JSMiner: A Closer Look

Tech support scams and compromised websites have previously been used to deliver the Coinhive JavaScript cryptocurrency miner. This time around, researchers detected two apps, part of the Androidos_JSMiner malware family, used for the same purpose.

Two apps were discovered – one supposedly helps users pray the rosary, while the other provides various discounts, researchers explain.

Both apps function the same way. Once installed on a device, they load the JavaScript library from Coinhive to start mining with the hacker’s site key.

If you have this miner running on your device, you would notice that the CPU usage is extremely high.

Androidos_CPUMiner: A Closer Look

These apps abuse legitimate versions of apps by adding mining libraries to them. The legitimate apps are then repackaged and distributed to users.

Researchers described one version of this malware found in Google Play, disguised as a wallpaper application.

The mining code is most likely a modified version of the legitimate cpuminer library. The legitimate library only goes up to version 2.5.0, whereas this malicious version uses 2.5.1, researchers point out.

The mining code fetches a configuration file from the cybercriminal’s own server (which uses a dynamic DNS service) that provides information on its mining pool via the Stratum mining protocol.
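As an added example (not code from the researchers or from this article), a static triage check can look for the two behaviours described above: a Coinhive loader with a site key inside the files of an APK, and a Stratum pool URL inside a captured configuration file. The regex patterns, file names, site key and pool host below are assumptions constructed for the illustration.

```python
import io
import re
import zipfile

# Assumed indicator patterns for the behaviours described in the article;
# they are illustrative, not Trend Micro's detection signatures.
INDICATORS = {
    "coinhive-library": re.compile(rb"coinhive(\.min)?\.js", re.I),
    "coinhive-site-key": re.compile(rb"CoinHive\.(?:Anonymous|User)\(\s*['\"][^'\"]+['\"]"),
    "stratum-pool-url": re.compile(rb"stratum\+(?:tcp|ssl)://[\w.\-]+(?::\d+)?", re.I),
}

def scan_bytes(name, data):
    """Return sorted (name, indicator, matched text) tuples for one blob."""
    hits = set()
    for label, pattern in INDICATORS.items():
        for m in pattern.finditer(data):
            hits.add((name, label, m.group(0).decode("ascii", "replace")))
    return sorted(hits)

def scan_apk(apk_bytes):
    """Scan every entry of an APK (a ZIP archive) for the indicators."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or info.file_size > 5_000_000:
                continue  # skip directories and oversized entries
            findings.extend(scan_bytes(info.filename, apk.read(info)))
    return findings

# Constructed sample of a fetched miner configuration (placeholder host).
SAMPLE_CONFIG = b'{"url": "stratum+tcp://pool.example.invalid:3333", "user": "x"}'

def build_sample_apk():
    """Constructed sample: a ZIP laid out like an APK, with placeholder values."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/index.html",
                   '<script src="https://coinhive.com/lib/coinhive.min.js"></script>\n'
                   "<script>new CoinHive.Anonymous('EXAMPLE_SITE_KEY').start();</script>")
        z.writestr("res/raw/about.txt", "Wallpaper collection, version 1.0")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, label, text in scan_apk(build_sample_apk()) + scan_bytes("fetched.cfg", SAMPLE_CONFIG):
        print(f"{entry}: {label}: {text}")
```

Because the article notes that these apps load JavaScript dynamically and fetch their configuration at run time, a clean result from the APK scan alone does not rule out a miner; the same check should also be run over content captured while the app is running.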

The research team has identified 25 samples of Androidos_CPUMiner.

In conclusion, such malware samples show that mobile devices can also be exploited for cryptocurrency mining, despite the insufficient profit of mobile mining.

Android users should also pay close attention to the apps they install, especially if they notice degradation on their devices after installing an app.

The apps mentioned in this article are no longer available on Google Play, but they may quickly be replaced with other apps. So be on the lookout!

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
