Trend Micro Warns Of Malicious Android Apps In Google Play Coded To Mine Virtual Coins
Once installed, the hidden code gets busy mining virtual currencies in the background. It detects when there's an Internet connection so that the CPU miner can connect to a dynamic domain, which then redirects to an anonymous Dogecoin (or other virtual currency) mining pool, Trend Micro says.
In one example, as of mid-February, the tactic allowed a malware writer to collect thousands of Dogecoins. He then switched mining pools where he's been cashing in Bitcoins on a regular basis. According to Trend Micro, that particular instance involved a booby-trapped app found from a third-party app source, but researchers have noticed the same behavior in apps currently available in Google Play -- specifically, Songs and Prized - Real Rewards & Prices.
"These apps have been downloaded by millions of users, which means that there may be many Android devices out there being used to mine cryptocurreny for cybercriminals," Trend Micro says. "We detect this new malware family as ANDROIDOS_KAGECOIN.HBTB."
There are signs that your device could be infected. Some things to look for include degraded performance, running hot, charging slowly, and faster than usual battery drains.