Cryptojacking apps invade Google Play store, with one even hitting more than 100K downloads

Software that secretly mines cryptocurrency on infected devices is gaining popularity with cybercriminals, who have even managed to sneak malicious apps into the Google Play Store.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • Malware that mines cryptocurrency without user knowledge or permission has been found on the Google Play Store, Kaspersky Lab reports.
  • Android owners should carefully watch what they install, and Android device managers should require permission for any app installation, even from trusted sources like Google Play.--TechRepublic

Researchers at Kaspersky Lab have found cryptojacking apps, which secretly mine cryptocurrency without a device owner's knowledge or permission, on the official Google Play store. One app had even been installed more than 100,000 times.

Cryptocurrency-mining malware is nothing new, even on Android devices, but its existence on the official Google Play store was, until now, unheard of. Malware-infected Android apps tend to be distributed through third-party app stores that lack the security measures that Google enforces.

With the arrival of cryptojacking malware on the Google Play Store, it's time to take the threat even more seriously than before--even managed devices that aren't able to sideload apps could fall prey.

Hiding cryptomining apps in the Google Play Store

Kaspersky reported on several apps it found in the official Google Play Store disguised as VPN apps, games, charity apps, and apps associated with professional soccer.

The most popular of the apps found in the Google Play Store was a Portuguese-language app that actually did what it said: streamed soccer matches. It also connected to a website that contained a Coinhive mining script, allowing the app to pull double duty as a cryptominer.


A simple zombie-themed game found on Google Play also contained coin-mining JavaScript, and one app was even brazen enough to masquerade as a charity that allowed users to donate their device resources to mine cryptocurrency for impoverished children. Kaspersky Lab points out that the app used the name of a popular cryptocurrency wallet developer, but with one letter missing--a common phishing tactic.

A cryptojacking app masquerading as a VPN found on Google Play shows that coders are getting smarter about how their malware mines cryptocurrency--it actually monitors the device's battery and CPU temperature to prevent overheating and device damage like that caused by the Loapi malware. That malicious VPN was downloaded more than 50,000 times before Google removed it.

Cryptominers are getting smarter

Google removed all of the apps mentioned by Kaspersky Lab, but that doesn't mean the problem has been solved. Google Play Protect can detect and protect against apps that contain actual malicious code, but those that download it after the fact, like many cryptojackers, escape detection.

Android users and managers in the enterprise world need to protect their devices from infection by going further than blocking sideloading apps: Lock down app installation completely and force users to get approval for everything.

It's also essential for managed devices to have anti-malware software installed and for regular scans to be required.

Until Google manages to better protect the Play Store, Android users should plan to thoroughly examine every app they download. Look for misspellings, negative reviews, or information on the developer elsewhere online. It may make app installation more of a hassle, but avoiding a malware infection is worth the effort.
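The misspelling check can be automated in an app-approval workflow. The following is an added example, not code from Kaspersky Lab or TechRepublic: it flags a publisher name that is within one edit of a trusted name, which covers the missing-letter case described above and generalizes it to an extra, changed, or swapped letter. The trusted names and the function names are constructed placeholders.

```python
import unicodedata

# Constructed allowlist of publisher names an organisation trusts (placeholders).
TRUSTED_PUBLISHERS = ["Example Wallet Labs", "Contoso VPN Ltd"]


def normalise(name: str) -> str:
    """Fold case, strip accents and punctuation so cosmetic changes cannot hide a match."""
    folded = unicodedata.normalize("NFKD", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "pm" written for "mp".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_publisher(name: str, trusted=TRUSTED_PUBLISHERS, max_edits: int = 1):
    """Return (verdict, matched trusted name): 'trusted', 'lookalike' or 'unknown'."""
    if name in trusted:  # only a byte-for-byte match counts as trusted
        return "trusted", name
    candidate = normalise(name)
    for good in trusted:
        # Distance 0 here means the name differs only in case or punctuation,
        # which is itself a sign of impersonation.
        if edit_distance(candidate, normalise(good)) <= max_edits:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    for sample in ["Example Wallet Labs", "Exmple Wallet Labs", "Zombie Games Studio"]:
        print(sample, "->", check_publisher(sample))
```

A "lookalike" verdict is a reason to hold the install request for manual review; very short trusted names will produce false positives at one edit.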
