Researchers Discover 3 Monero Mining Malware Apps on Play Store

Today cyber criminals are devising new ways to use cryptocurrency miners and make easy money. Hackers simply target unsuspecting users and use their CPU power to mine for cryptocurrency, without their consent.

Quite recently we had heard of a couple of cryptocurrency mining malware apps targetting Android users. Now, here comes the news about some other such malware having targeted Android devices. Researchers have found three apps infected with cryptocurrency malware on Google Play Store and used to generate Monero coins.

It’s researchers at TrendMicro who have discovered these malicious apps on Google Play. A blog post authored by Jason Gu, Veo Zhang, Seven Shen of TrendMicro says- “These apps used dynamic JavaScript loading and native code injection to avoid detection. We detect these apps as ANDROIDOS_JSMINER and ANDROIDOS_CPUMINER.” The blog further says- “This is not the first time we’ve found these types of apps on app stores. Several years ago, we found malicious apps on the Google Play store detected as ANDROIDOS_KAGECOIN, a malware family with hidden cryptocurrency mining capabilities.”

Cryptocurrency miners work in a very different way; when users visit a website that uses such mining code, the malware works by using the CPU power to mine for cryptocurrency. Similarly, in the case of a smartphone, the users are targeted by malware-infected apps which would use the phone’s power to mine for cryptocurrency.

According to the TrendMicro researchers, the malware apps they have detected used dynamic JavaScript loading and native code injection to avoid detection. A report on HackRead says- “One app called Recitiamo Santo Rosario claimed to provide religious content (Catholic), the other one claimed to provide Internet and WiFi safety while the third one was related to car wallpapers. But in reality, all three infected users devices to generate Monero coin…The mining code in these apps was provided by CoinHive, a firm that offers cryptocurrency miner written in Javascript, which sends any coins mined by a browser to the owner of the website.”

The TrendMicro research team has informed Google about these cryptocurrency mining apps and these apps are no longer on Google Play.

The TrendMicro blog post points out- “These threats highlight how even mobile devices can be used for cryptocurrency mining activities, even if, in practice, the effort results in an insignificant amount of profit. Users should take note of any performance degradation on their devices after installing an app.”