The most popular
Video: Android Users Become Accidental Victims of Intentional Cryptocurrency Miners
Based on the latest ZDNet/TechRepublic special feature, this e-book provides a detailed overview of how to create risk management policies to protect your critical digital assets.
Cybercriminals looking to capitalize on the cryptocurrency boom are increasingly attempting to infect mobile devices with cryptocurrency mining malware, even using Android's official app store to do so.
Kaspersky Lab researchers discovered several malicious cryptocurrency mining apps distributed through the Google Play Store, with miners disguised as games, sports streaming apps and VPNs. Some of them have been downloaded more than 100,000 times.
While the app appears to offer legitimate functionality, its true purpose is to secretly use the device's CPU power to mine the cryptocurrency Monero.
Illegal cryptocurrency mining has become increasingly popular this year, and although mobile devices have far less ability to conduct illegal mining than computers, there are billions of smartphones worldwide and smartphones are easy targets for attackers. This is especially true considering the ease with which users can install programs.
“Cybercriminals try to compensate for the poor performance of smartphones and the easy detection of mobile miners through the large number of portable devices and high infection rates,” said Roman Unuchek, security researcher at Kaspersky Lab.
Download now: Comparison Table – VPN Service Providers
The researchers found that the most common mining applications were related to football, with Portuguese language match streaming applications being among the most downloaded applications. The app lives up to its advertised features, allowing users to watch football matches live and also undress discreetly in the background.
A common attacker tactic is to hide Coinhive's JavaScript miner in malware. When a user starts streaming, the app opens an HTML file with an embedded JavaScript miner that converts the streamer's CPU power into Monero mining tools.
Researchers said the soccer stream miner was distributed via Google Play and downloaded by more than 100,000 users, mostly from Brazil.
Another popular way to distribute miners through seemingly legitimate programs is to embed them in programs used to secure VPN connections.
See also: What is malware? Everything you need to know about viruses, trojans and malware
Researchers found that a cryptocurrency mining app called Vilny.net had been downloaded more than 50,000 times, mostly in Ukraine and Russia.
Those behind Vilny have adapted the program to monitor the device's battery charge and temperature, allowing attackers to monitor CPU usage to avoid high temperatures associated with excessive battery usage, ensuring that users do not experience suspicious activity, log it and link it to the app.
Other apps are not as sophisticated, just pretending to be games and other popular apps, and secretly mining cryptocurrency. Some also trick users twice by showing ads that don't disappear until they click on them, providing another source of revenue for attackers.
Most of these simple cryptocurrency miners are distributed by third-party websites, although there is a site called Zombie Fun found in the Play Store.
Mining apps on Google Play Store that have been removed.
All of this shows how the threat actors behind mining malware are stepping up their game to trick people into buying cryptocurrency from them.
“Malicious miners are expanding their resources and developing tactics and approaches for more efficient cryptocurrency mining,” Unuchek said.
“Now they are using legitimate themed apps with mining features to fuel their greed. “This way they can earn double the income from each user: first by showing ads, and second by secretly mining cryptocurrency.”
See Also: How to Build a Successful Career in Cyber Security (Free PDF)
Kaspersky Lab notified Google about the malware, which has now been removed from the Play Store. ZDNet attempted to contact Google for comment, but did not receive a response at the time of publication.
To ensure that your smartphone is not infected by cryptocurrency miners, users should only install verified apps and keep their devices updated to reduce the risk of attacks.
However, the sheer number of mobile devices available to would-be criminals means this will remain a popular way to mine cryptocurrency for now.
In fact, recent miners provide the same benefits to criminals as ransomware, but with the added advantage of being very sneaky and potentially offering attackers profits over a long period of time.
Google wants to crack down on cryptojacking in Chrome
After seeing the emergence of cryptojacking extensions, Google will remove all cryptocurrency mining extensions from the Chrome Web Store.
Windows 10 warning: Beware of employees using Crypto Miner on work systems, Microsoft says
Every month, Microsoft detects more than 600,000 computers affected by coin mining malware.
Cybercriminals detected cryptocurrency mining malware hidden in a forked project on GitHub
Those behind this campaign configured the Monero cryptojacking malware to use a limited amount of CPU power to avoid infection detection.
Water fountain