TrendMicro researchers have detected these apps as Androidos_JSMiner and Androidos_CPUminer.
These are not the first cases of cryptocurrency miners targeting mobile devices and app stores. A previous such finding is a piece of miner detected in 2014, designed to mine Dogecoins and Litecoins for Bitcoin payout. The malware was dubbed Androidos_Kagecoin.
Androidos_JSMiner: Um olhar mais atento
Two apps were discovered – one supposedly helps users pray the rosary, while the other provides various discounts, pesquisadores explicam.
If you have this miner running on your device, you would notice that the CPU usage is extremely high.
Androidos_CPUMiner: Um olhar mais atento
These apps exploit legitimate versions of apps by adding mining libraries to them. The legitimate apps are then repackaged and distributed to users.
Researchers were able to outline one version of this malware found in Google Play, disguised as a wallpaper application.
The mining code is most likely a modified version of the legitimate cpuminer library. The legitimate version is only up to 2.5.0, whereas this malicious version uses 2.5.1, pesquisadores apontar.
The mining code fetches a configuration file from the cybercriminal’s own server (which uses a dynamic DNS service) that provides information on its mining pool via the Stratum mining protocol.
The research team has identified 25 samples of Androidos_CPUMiner.
Em conclusão, such malware samples showcase how mobile devices can also be exploited for cryptocurrency mining goals, despite the insufficient profit of mobile mining.
Além disso, Android users should pay close attention to installed apps, especially in case of degradation on their devices after installing an app.
The apps mentioned in this article are no longer available on Google Play but they may quickly be replaced with other apps. So be on the lookout!