Software that secretly mines cryptocurrency on infected devices is gaining popularity with cybercriminals, who have even managed to sneak malicious apps into the Google Play Store.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Malware that mines cryptocurrency without user knowledge or permission has been found on the Google Play Store, Kaspersky Lab reports.
- Android owners should carefully watch what they install, and Android device managers should require permission for any app installation, even from trusted sources like Google Play.—TechRepublic
Researchers at Kaspersky Lab have found cryptojacking apps, which secretly mine cryptocurrency without a device owner's knowledge or permission, on the official Google Play store. One app had even been installed more than 100,000 times.
Cryptocurrency-mining malware is nothing new, even on Android devices, but its existence on the official Google Play store was, until now, unheard of. Malware-infected Android apps tend to distribute through third-party app stores that lack the security measures that Google enforces.
With the arrival of cryptojacking malware on the Google Play Store, it's time to take the threat even more seriously than before—even managed devices that aren't able to sideload apps could fall prey.
Hiding cryptomining apps in the Google Play Store
Kaspersky reported on several apps it found in the official Google Play Store disguised as VPN apps, games, charity apps, and apps associated with professional soccer.
The most popular of the apps found in the Google Play Store was a Portuguese-language app that actually did what it said: streamed soccer matches. It also connected to a website that contained a Coinhive mining script, allowing the app to pull double duty as a cryptominer.
A cryptojacking app masquerading as a VPN found on Google Play shows that coders are getting smarter about how their malware mines cryptocurrency—it actually monitors the device's battery and CPU temperature to prevent the kind of overheating and device damage that the Loapi malware caused. That malicious VPN was downloaded more than 50,000 times before Google removed it.
Cryptominers are getting smarter
Google removed all of the apps mentioned by Kaspersky Lab, but that doesn't mean the problem has been solved. Google Play Protect can detect and protect against apps that contain actual malicious code, but apps that download the malicious code after the fact, as many cryptojackers do, escape detection.
Android users and managers in the enterprise world need to protect their devices from infection by going further than blocking app sideloading: Lock down app installation completely and force users to get approval for everything.
It's also essential for managed devices to have anti-malware software installed and for regular scans to be required.
Until Google manages to better protect the Play Store, Android users should plan to thoroughly examine every app they download. Look for misspellings, negative reviews, or information on the developer elsewhere online. It may make app installation more of a hassle, but avoiding a malware infection is worth the effort.