Jason
Member • Mar 31, 2014
Malware Writers Infect Android Apps With Crypto-Currency Mining Code
Malware writers have figured out a method to earn money by utilising millions of smartphone users' hardware processing power and transforming the devices into a crypto-currency mining tool by the introduction of a new malware family. The researchers of TrendLabs have been clever enough to spot them. This malware has been responsible for mining different types of digital currencies like Bitcoin, Litecoin and Dogecoin. According to the researchers, the malware was originally found in repacked copies of apps like Football Manager Handheld and TuneIn Radio, found outside the Google Play Store. The app when installed uses the Android device’s hardware resulting in reduction in battery life, wear and tear of the device, which could lead to decrease in device’s lifespan.
The apps have been modified and introduced with the mining code from a legal Android virtual currency mining app. The code is based on the cpuminer software. To conceal the code, the Google Mobile Ads portion of the app was customized.
The customized Google Mobile Ads code
The process of mining acts as an ongoing background service once the device is connected to the internet. According to TrendLabs, the malware ANDROIDOS_KAGECOIN.HBT is configured to download a file to update the configuration of the miner which enabled the developer to switch from a Dogecoin to a Bitcoin mining pool.
Coin pool configuration code
Unlike the apps discussed above, a few apps have been found within the Google Play Store which demonstrate the same behaviour. ‘Songs’ and ‘Prized – Real Rewards & Prizes’ are apps that have been infected with a new yet similar malware known as ANDROIDOS_KAGECOIN.HBTB.
Mining Apps in Google Play
Although, there is a noticeable difference between the two malwares, in the second case, the mining only occurs when your device is charging so that the increase in energy use won’t be noticed. These apps have reportedly been downloaded by many users and affected many Android device users. TrendLabs claims that they have informed the Google Play security team about the issue due to which the apps are no longer available.
The attack is indeed clever, but phones do not have sufficient specs to perform as an effective miner. The report states that the cybercriminal earned thousands of Dogecoins. If we assume he/she earned 5000 Dogecoins then its value is equivalent to just $2.6 (Value stated is at the time of writing). Also, odd behaviors like slow charging and over-heating of the phone can bring to the user's attention of the presence of a miner.
Via: #-Link-Snipped-# | Source: #-Link-Snipped-#
The apps have been modified and introduced with the mining code from a legal Android virtual currency mining app. The code is based on the cpuminer software. To conceal the code, the Google Mobile Ads portion of the app was customized.
The customized Google Mobile Ads code
The process of mining acts as an ongoing background service once the device is connected to the internet. According to TrendLabs, the malware ANDROIDOS_KAGECOIN.HBT is configured to download a file to update the configuration of the miner which enabled the developer to switch from a Dogecoin to a Bitcoin mining pool.
Coin pool configuration code
Unlike the apps discussed above, a few apps have been found within the Google Play Store which demonstrate the same behaviour. ‘Songs’ and ‘Prized – Real Rewards & Prizes’ are apps that have been infected with a new yet similar malware known as ANDROIDOS_KAGECOIN.HBTB.
Mining Apps in Google Play
Although, there is a noticeable difference between the two malwares, in the second case, the mining only occurs when your device is charging so that the increase in energy use won’t be noticed. These apps have reportedly been downloaded by many users and affected many Android device users. TrendLabs claims that they have informed the Google Play security team about the issue due to which the apps are no longer available.
The attack is indeed clever, but phones do not have sufficient specs to perform as an effective miner. The report states that the cybercriminal earned thousands of Dogecoins. If we assume he/she earned 5000 Dogecoins then its value is equivalent to just $2.6 (Value stated is at the time of writing). Also, odd behaviors like slow charging and over-heating of the phone can bring to the user's attention of the presence of a miner.
Via: #-Link-Snipped-# | Source: #-Link-Snipped-#