Google Play apps found with mining malware
Cryptocurrency mining malware is not something new on the desktop environment. Even on the mobile platform, there are malwares found in repackaged copies of popular apps found in third party markets.
Researchers from Trend Micro has identified two apps that can use your Android device to mine dogecoin and litecoin. Once installed, the infected app will run down the phone’s battery very fast, said researchers. Both apps can be found from Google Play Store, called Songs and Prized. Songs has been downloaded more than one million times.
Trend Micro has identified the malware as ANDROIDOS_KAGECOIN.HBTB, which upon closer inspection reveals CPU mining code from legitimate Android mining app, based on cpuminer.
However, TrendMicro researcher Veo Zhang said that it is odd to attack phones for coin mining operations,
“Clever as the attack is, whoever carried it out may not have thought things through. Phones do not have sufficient performance to serve as effective miners. Users will also quickly notice the odd behavior of the miners – slow charging and excessively hot phones will all be seen, making the miner’s presence not particularly stealthy. Yes, they can gain money this way, but at a glacial pace.”
Those behind the mining code might have made efforts to hide the fact that phones were mining but users were still likely to notice, said Zhang. Unlike the other malicious apps, these two apps only start mining when the device is charging, as the increased energy consumption won’t be noticed as much.
“Users with phones and tablets that are suddenly charging slowly, running hot, or quickly running out of batteries may want to consider if they have been exposed to this or similar threats,” he explained. “Also, just because an app has been downloaded from an app store – even Google Play – does not mean it is safe.”
Trend Micro has informed Google’s Android security team about the issue. If you are one of the millions who have installed these apps, it should be removed from the phone immediately.Hello?