On Monday security research firm Trend Micro revealed malicious code that mines crypto currencies hidden in compromised Android apps. As Bitcoin prices reach ever skyward a darker side to the industry will inevitably seep in and with it those that aim to illegally and immorally take advantage of vulnerable systems and users.
The code harnesses CPU power from compromised devices in order to collectively mine crypto currencies. It uses embedded JavaScript loading with a native code injection that kept it under the radar of Google’s app scanning systems. The processes run in the background on Android apps and have been linked back to two crypto miners dubbed ‘ANDROIDOS_JSMINER and ANDROIDOS_CPUMINER’.
The code has been developed by Coin Hive, a malicious website that injects JavaScript into servers and people’s computers in order to collectively mine coins. Simply accessing the site will automatically attempt to inject the code, without your consent, into your computer (screenshot). Coin Hive has been reportedly responsible for hacking thousands of websites with its malicious code and this latest mobile incursion is just another version of it.
The compromised apps on Google’s Play Store were legitimate, the first being ‘Recitiamo Santo Rosario Free’, a Catholic prayer app and ‘SafetyNet Wireless’ app offering internet discounts. So far 25 legitimate versions of apps have been hijacked to include mining libraries and malicious code, including a popular one which offers car wallpapers for free.
Security researchers advised users to keep an eye on CPU usage, especially if it is high; this could be a sign that malware or ‘mineware’ has been injected onto the device. Analysts went on to state that ‘these threats highlight how even mobile devices can be used for cryptocurrency mining activities, even if, in practice, the effort results in an insignificant amount of profit.’
TrendLabs contacted Google to get the compromised apps removed from its app store but there is still the concern that they managed to circumnavigate the tech giant’s screening process. If the malicious mining code was injected after the apps were publish it raises more questions on whether Google is responsible for ongoing security checks on apps in its store and on its mobile operating system in general.
Cyber criminals have been all over Coin Hive this year and its malicious code has been disseminated across vulnerable servers, websites and ultimately end users computers. With cryptos being so lucrative at the moment we can only advise that users stay vigilant, only download trusted apps, and look out for erratic device behavior.
– Follow us on our Facebook and Twitter pages.
