Hackers, website owners or even cybercriminals are finding new ways to use cryptocurrency miners to make easy money by using CPU of unsuspecting users. Last week, it was reported that two cryptocurrency mining malware apps were targeting Android users and now, for the second time in a week researchers have discovered three more malware-infected apps on Google Play Store targeting users to generate Monero coins.
A cryptocurrency miner works in such a way that it uses CPU power of a user’s device while they are visiting a website that is using the mining code, for example, The Pirate Bay and ShowTime’s websites. If the user is on a smartphone, they are targeted by malware-infected apps carrying cryptocurrency mining code which uses their phone’s power to generate digital coins.
The IT security researchers at TrendMicro who discovered these apps noted that “These apps used dynamic JavaScript loading and native code injection to avoid detection.”
One app called Recitiamo Santo Rosario claimed to provide religious content (Catholic), the other one claimed to provide Internet and WiFi safety while the third one was related to car wallpapers. But in reality, all three infected users devices to generate Monero coin.
The mining code in these apps was provided by CoinHive, a firm that offers cryptocurrency miner written in Javascript, which sends any coins mined by a browser to the owner of the website.
“These threats highlight how even mobile devices can be used for cryptocurrency mining activities, even if, in practice, the effort results in an insignificant amount of profit,” explained Trend Micro’s threat researchers. “Users should take note of any performance degradation on their devices after installing an app.”
Although at the time of publishing this article, Google had booted off the malware apps following TrendMicro’s report; it is quite possible that there might be other Monero mining malware apps lurking behind Google Play Store.
Remember, it all started when The Pirate Bay was caught twice using Monero mining code to generate money. Following the incident, researchers found GTA 5 gaming mod and hundreds of websites filled with a similar code targeting PC users.
Android devices which are already vulnerable to malware attacks have now another challenge to face therefore it is advised not to download unnecessary apps from a third-party website or Google Play Store and use a reliable mobile security product.