“Bonus” for Google App users – Monero miner in disguise

by Julie Splinters - - 2017-11-02

The background activity of Google Play store apps

There may be more Monero or Bitcoin mining apps

Again malware developers placed the bait for Android users. After cyber felons found a way how to exploit browser extensions or lure visitors to infected sites to use their PCs’ resources to mine crypto-coins, it did not take long for them to find another energy resource – Google App store. Three apps have been found to mine Monero^[1] crypto-currency^[2].

The “chosen” apps

Three apps – Recitiamo Santo Rosario Free, SafetyNet Wireless App, Car Wallpaper HD: mercedes, ferrari, bmw and audi – were designed to secretly mine Monero coins on the expense of users’ mobile battery.

Thus, if you are among those users, who, for any reasons, installed these apps, your device was most likely to mine “money” for the crooks.

The apps employed JavaScript library code from Coinhive. Trend Micro experts have classified them to ANDROIDOS_JSMINER and ANDROIDOS_CPUMINER groups. ^[3]. According to the reports, the apps only earned 170 US dollars for the miner developers. Though the actual earned amount of money is still unknown. Fortunately, the compromised apps are no longer available on Google App store.

Other dangers for Android users

On the other hand, the fact that Google Play store is continuously assaulted by miners and malware only raises concerns and urges Google to significantly improve anti-malware prevention system.

CPU-draining apps might become a real issue. However, ESET specialists have also detected fake Poloniex cryptocurrency exchange apps which attempt to wheedle users’ email account credentials and further important information^[4].

Crypto-coin mining has become a current trend. Malware developers do not only target poorly protected sites to foist in the crypto-coin mining code. Now they aim for big fish – sophisticated and well-trusted sites, such Politifact^[5]. Unfortunately, the number of compromised sites is rapidly increasing. Not only malware felons foist the code, but more and more site administrators willingly place the coin-mining JavaScript code on their sites as well

In order to protect your device from CPU energy drainers and data thieves, follow this advice:

check app reviews in (various forums, etc.) before downloading it
install the mobile version of an anti-virus and malware elimination tool
make sure you install the right ad-blocking or anti-miner extension (note the case of fake AdBlock Plus add-on)

About the author

Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions

References

^ Lucia Danes. Monero Miner. 2-spyware. Security and spyware news.
^ Roland Moore-Colyer. Monero miner malware found lurking behind Android apps. TrustedReviews. The why before you buy.
^ Coin Miner Mobile Malware Returns, Hits Google Play. TrendMicro. Security news direct from threat defense experts .
^ Lukas Stefanko. Fake cryptocurrency trading apps on Google Play. WeLIveSecurity. News, views, and insight from the ESET security community.
^ Devin Coldewey. Surreptitious cryptocurrency miners hide on Politifact and hundreds of other sites. TechCrunch. The latest technology news and information on startups.