Crypto-Miners Slip Into Google Play
27.9.2018 securityweek Cryptocurrency
While Google doesn’t allow crypto-currency mining applications in Google Play, some developers have found a way to push such programs to the storefront: by hiding their true purpose.
For more than a year, malicious crypto-mining has spiked globally, fueled by massive increases in crypto-currency prices. Mobile users weren’t spared, especially those on Android, the more popular mobile operating system at the moment.
Recently, SophosLabs security researchers discovered no fewer than 25 crypto-mining applications in Google’s official application store for Android, and revealed that over 120,000 users might have downloaded and installed them. The programs are disguised as games, utilities and educational apps.
With only a few lines of code, mining capabilities can be added to any app that uses a WebView embedded browser, the researchers note.
“Monero has been the authors’ choice of crypto-currency for all these apps as it offers sufficient privacy to keep the source, destination, and the amount mined hidden. These apps use CPU throttling to limit CPU usage by mining, and thus avoid the usual pitfalls: device overheating, high battery drain, and overall device sluggishness,” SophosLabs explains.
Of the 25 applications, 11 were found to be preparation apps for standardized tests in the United States, such as the ACT, GRE, or SAT. Published by a single developer account (Gadgetium), the apps contain an HTML page that implements the Coinhive-based miner.
One of the applications (de.uwepost.apaintboxforkids) was using the popular open-source CPU miner XMRig, which was designed to mine several crypto-currencies, Monero included.
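As an added example (not from the article or the SophosLabs report), the Python script below shows how a defender might triage an APK for the two embedding styles described above: a Coinhive script in a bundled HTML/JS asset and XMRig strings in a native library. The indicator patterns, the file names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Illustrative patterns chosen for this example; not indicators from the SophosLabs report.
INDICATORS = {
    "coinhive-script": re.compile(rb"coinhive(\.min)?\.js", re.I),
    "coinhive-api": re.compile(rb"CoinHive\.(Anonymous|User|Token)\s*\("),
    "throttle-setting": re.compile(rb"throttle\s*:\s*0?\.\d+"),
    "xmrig-string": re.compile(rb"xmrig", re.I),
    "stratum-url": re.compile(rb"stratum\+(tcp|ssl)://", re.I),
}
SCANNED_EXT = (".html", ".htm", ".js", ".so")  # WebView assets and native libraries
MAX_ENTRY = 32 * 1024 * 1024  # skip oversized entries instead of inflating them


def scan_apk(apk_bytes):
    """Return sorted (entry name, indicator label) pairs found in an APK (ZIP) image."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if not info.filename.lower().endswith(SCANNED_EXT):
                continue
            if info.file_size > MAX_ENTRY:
                continue
            data = apk.read(info)
            for label, pattern in INDICATORS.items():
                if pattern.search(data):
                    hits.add((info.filename, label))
    return sorted(hits)


def build_sample_apk():
    """Constructed APK-like ZIP used as demo input; not a real application."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/engine.html",
                   '<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
                   "<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER',"
                   " {throttle: 0.7});</script>")
        z.writestr("assets/index.html", "<h1>Practice questions</h1>")
        z.writestr("lib/armeabi-v7a/libhelper.so",
                   b"\x7fELF\x00XMRig/0.0.0\x00stratum+tcp://pool.example.invalid:3333\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for name, label in scan_apk(build_sample_apk()):
        print(f"{name}: {label}")
```

String matches like these are a triage signal only: obfuscated or remotely loaded miner code will not match, and a hit still needs manual review of the flagged entry.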
Google was notified of the behaviour of these applications in August and has already removed some of them, but many continue to be available for download in Google Play.