Three Android applications identified as covert cryptocurrency miners

Late last month, three new applications that worked with the Coinhive script were unmasked as miners for Android and removed from the Google Play store.


The community closely follows the growth of programs designed to get onto users' computers or mobile devices and mine cryptocurrencies without their knowledge. Such is the case of three applications recently discovered by the TrendLabs team: "SafetyNet Wireless Lab", "Recitiamo Santo Rosario Free" and "Car Wallpaper HD: mercedes, ferrari, bmw and audi".


The TrendLabs team's research classified these applications into two types. The first, named ANDROIDOS_CPUMINER, consists of legitimate applications, originally free of any malicious code, that have been modified to include mining libraries and then put back on the market.


This category includes "Car Wallpaper HD: mercedes, ferrari, bmw and audi", an application that contains modified CPU miner files and uses the device's processing power to mine several cryptocurrencies. The hacker behind this code used a dynamic DNS to modify it and record the operations in Stratum. The TrendLabs team detected a total of 25 apps of this style on Google Play.


The second type consists of applications that work with CoinHive, named ANDROIDOS_JSMINER. The CoinHive JavaScript allows mining Monero in the background without the user being aware of it. Many members of the community have been affected by owners of applications and websites that include this script in their services without notifying users, as happened with some pornographic pages discovered in the past.


However, the CoinHive team offers its services as an alternative to the advertisements that are integrated into the web pages and applications, making it clear to its members that they must notify all users that they integrate CoinHive in their services.


Many customers, such as the developers of "SafetyNet Wireless Lab", an app that promised to improve the telephone network, and "Recitiamo Santo Rosario Free", a religious application, integrated the CoinHive code to obtain profits without ever notifying the user.
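The two types described above can be told apart by static triage of an APK's contents. The following is an added example, not TrendLabs' detection logic or code from the original article: it flags a Coinhive script reference or a Stratum pool URL inside an archive. The indicator patterns, family labels, file names and the `pool.example.invalid` host are assumptions constructed for the demonstration.

```python
import io
import re
import zipfile

# Heuristic indicators (assumptions for this example, not vendor signatures).
JS_MINER = re.compile(rb"coinhive\.min\.js|CoinHive\.(Anonymous|User)", re.I)
STRATUM = re.compile(rb"stratum\+(tcp|ssl)://[\w.\-]+(:\d+)?", re.I)
FAMILIES = (("JSMINER-like", JS_MINER), ("CPUMINER-like", STRATUM))
MAX_ENTRY = 20 * 1024 * 1024  # do not load very large entries into memory


def scan_apk(apk_bytes):
    """Return {family: [(entry_name, matched_text), ...]} for one APK."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or info.file_size > MAX_ENTRY:
                continue
            data = apk.read(info)
            for family, pattern in FAMILIES:
                match = pattern.search(data)
                if match:
                    hit = (info.filename, match.group(0).decode("ascii", "replace"))
                    findings.setdefault(family, []).append(hit)
    return findings


def build_apk(entries):
    """Build a constructed in-memory archive standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in entries.items():
            archive.writestr(name, content)
    return buf.getvalue()


# Constructed samples: names, hosts and contents are invented for the demo.
WEBVIEW_APP = build_apk({
    "assets/engine.html": b'<script src="https://coinhive.com/lib/coinhive.min.js"></script>',
    "classes.dex": b"dex\n035\x00",
})
NATIVE_APP = build_apk({
    "lib/armeabi-v7a/libexample.so": b"\x7fELF\x00-o stratum+tcp://pool.example.invalid:3333 -u x",
    "res/raw/wallpaper.jpg": b"\xff\xd8\xff\xe0",
})
CLEAN_APP = build_apk({"assets/index.html": b"<h1>hello</h1>"})

if __name__ == "__main__":
    for label, apk in (("webview", WEBVIEW_APP), ("native", NATIVE_APP), ("clean", CLEAN_APP)):
        print(label, scan_apk(apk))
```

A string match of this kind only catches unobfuscated indicators, so a clean result is not proof that an app carries no miner.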


Exact figures are not yet available on the profits that the authors behind the spread of these malicious applications could have obtained, but mining through these applications yields tiny dividends unless thousands of infected devices are working all day long. a specific server.


These malicious applications for the Android operating system slow devices down by consuming a large percentage of CPU processing, and they can endanger the security of users' data, as was the case with EnergyRescue, a ransomware that disguised itself as an energy saver in the Google Play store.


Users are advised to be alert to any unusual behavior after purchasing a new application, especially if the mobile phone slows down significantly.


