Malicious Miners Hack Android Apps

With the Bitcoin price at an all-time high, a seemingly unquenchable thirst for cryptocurrencies is bringing out a dark side of the industry. Researchers this week discovered hidden code in apps on Google Play that secretly mines coins on Android devices. Security company Trend Micro revealed in a blog post on Monday that it had exposed malicious mining code that harnesses computing power without the user’s knowledge or consent.

The embedded code uses JavaScript loading and native code injection to avoid detection by Google Play. It is delivered via compromised apps and runs in the background, causing high CPU load when in operation. The two cryptocurrency miners have been dubbed ‘ANDROIDOS_JSMINER’ and ‘ANDROIDOS_CPUMINER’.

The apps were using the same code developed by Coinhive, code that has been found in thousands of compromised websites. When users visit those sites, the scripts are downloaded to their computers without their knowledge, and the computers then begin collective mining operations that exploit the victim’s resources for the benefit of cybercriminals elsewhere.

The compromised crypto-mining Android apps discovered so far were disguised as legitimate ones. Recitiamo Santo Rosario Free is a Catholic prayer app, and the SafetyNet Wireless app offers discounts. So far, 25 legitimate versions of apps, such as car wallpaper apps, have been hijacked to include mining libraries and malicious code.

In a statement on their blog, security researchers claimed,

“These threats highlight how even mobile devices can be used for cryptocurrency mining activities, even if, in practice, the effort results in an insignificant amount of profit. Users should take note of any performance degradation on their devices after installing an app”.

The compromised apps were removed from Google Play after TrendLabs contacted them, but the question arises as to how they made it past the tech giant’s security checks in the first place. It is possible that the malicious mining code was added to the apps after they were listed, which raises another question about Google’s ability to check app updates and protect its operating system from these types of incursions.

With Coinhive malware gaining more traction and popularity this year, users need to be more vigilant, not just with their computers but with their mobile devices as well. Cybercriminals will look for vulnerabilities in servers and apps and, with crypto mining being so lucrative, will try anything to steal a few bucks from an unsuspecting user’s device.
