Malware-laden apps te Google Play store mine cryptocurrency from mobile victims

Trend Micro recently detected malicious apps te the Google Play store that use JavaScript loading and native code injection to avoid being detected.

By Conner Forrest | October 31, 2018, 8:06 AM PST

Malicious Android apps recently detected te the Google Play store are being used to mine cryptocurrency from victim devices, security stiff Trend Micro reported te a blog postbode.

The apps have bot detected spil ANDROIDOS_JSMINER and ANDROIDOS_CPUMINER, the postbode said. To avoid detection, the apps use mechanisms such spil dynamic JavaScript loading and native code injection, the postbode noted.

Despite the novelty of cryptocurrencies, this isn’t the very first time that Trend Micro has detected such apps ter the Google Play store. Back ter March 2014, the ANDROIDOS_KAGECOIN app wasgoed being used to mine currencies like Bitcoin, Litecoin, and Dogecoin.

The ANDROIDOS_JSMINER apps use a Javascript-based cryptocurrency miner from Coinhive. After loading the library onto the victim’s device, they rely on their own webpagina key to start mining.

The two apps associated with ANDROIDOS_JSMINER were a promotional app called SafetyNet Wireless App and an app based on the rosary called Recitiamo Santo Rosario Free. Even tho’ the Javascript is running, most users will not be aware because it is set to be invisible by default, the postbode said. However, high CPU usage will be a giveaway that something is wrong.

The example Trend Micro collective of an ANDROIDOS_CPUMINER app wasgoed that of a free wallpaper app called Car Wallpaper HD: mercedes, ferrari, bmw and audi. The ANDROIDOS_CPUMINER is known for taking legitimate apps and repacking them with mining libraries and distributing them, the postbode said. Trend Micro identified at least 25 samples of ANDROIDOS_CPUMINER.

There is such a thing spil a legitimate cpuminer library, the postbode said, but this app relies on an augmented version of that. The legitimate version goes up to Two.Five.0, but the malicious version uses Two.Five.1, the postbode said.

More about cybersecurity

Various types of cryptocurrencies are being mined with thesis apps, but the total amount that has bot generated is unknown. The postbode did say, however, that the criminals have mined at least $170 so far. For the amount of work, the payout is a pittance.

While mobile devices aren’t indeed useful for generating cryptocurrency, thesis apps can still influence users by limiting spectacle and reducing battery life, the postbode said.

Trend Micro said ter the postbode that it has reached out to Google and the example apps listed above have bot liquidated.

Related movie: 3000 Bitcoin Wallet


Leave a Reply

Your email address will not be published. Required fields are marked *