As revealed in a report from SophosLab’s Pankaj Kohli, Google Play is spreading malevolent applications posing as games, educational instruments or system utilities but which actually use your Android gadget to mine digital currency.
Cryptojacking is a very profitable business for malicious actors due to the low investment necessary and the very large potential gains, although several cryptocurrency coins have passed through a rough time recently.
Secretly Mining for Crypto
It does not come as a surprise that illicit players are still trying their hand at infecting Android gadgets with Apps that furtively mine for Crypto, while also offering the appearance of a legitimate application to avoid detection.
Pankaj details in his full
report how he discovered that over 25 Apps with over 120,000 installs distributed via the
Google Play Store have been covertly mining for cryptocurrency coins using stolen processing power.
These Apps all apply CPU throttling to ensure that the gadgets they use for mining don’t overheat, a smart move if you are an attacker that needs to avoid detection after compromising a target device.
While a large number of these malevolent Android applications are executing miner code hosted on coinhive.com, there are various Apps that use their own private services for hosting.
New Crypto Mining Apps
This seems to be a significant effort at either fooling the automated App analysis tools made by Google Play market or stopping their Apps from being blocked by firewalls.
Furthermore, although the majority of these Apps have already been uprooted by Google, there exist some Apps such as LightOn that are still available in the Play Store and which has over 500 installs.
Moreover, although the majority of the cryptojacking Apps identified by Pankaj in the Google Play market mine for Monero, there are exceptions, with “A Paintbox for Kids” by Uwe Post being effective and capable of mining for different coins using XMRig miner being the main example.
Pankaj’s report also reveals that Google has been apprised about the availability of these new digital currency mining Apps in the Android App Store last month, but it appears that the Mountain View firm is taking its time closely delving into each of them.