Trend Micro Warns Of Malicious Android Apps In Google Play Coded To Mine Virtual Coins
Security researchers at Trend Micro report finding a new Android malware family designed to mine crytocurrencies like Bitcoin, Litecoin, and Dogecoin. The malicious mining code is being repackaged in copies of popular apps like Football Manger Handheld and TuneIn Radio. To hide the code, malware writers modify the Google Mobile Ads portion of the app, allowing them to slip into Google Play.
Once installed, the hidden code gets busy mining virtual currencies in the background. It detects when there's an Internet connection so that the CPU miner can connect to a dynamic domain, which then redirects to an anonymous Dogecoin (or other virtual currency) mining pool, Trend Micro says.
In one example, as of mid-February, the tactic allowed a malware writer to collect thousands of Dogecoins. He then switched mining pools where he's been cashing in Bitcoins on a regular basis. According to Trend Micro, that particular instance involved a booby-trapped app found from a third-party app source, but researchers have noticed the same behavior in apps currently available in Google Play -- specifically, Songs and Prized - Real Rewards & Prices.
"These apps have been downloaded by millions of users, which means that there may be many Android devices out there being used to mine cryptocurreny for cybercriminals," Trend Micro says. "We detect this new malware family as ANDROIDOS_KAGECOIN.HBTB."
There are signs that your device could be infected. Some things to look for include degraded performance, running hot, charging slowly, and faster than usual battery drains.
Once installed, the hidden code gets busy mining virtual currencies in the background. It detects when there's an Internet connection so that the CPU miner can connect to a dynamic domain, which then redirects to an anonymous Dogecoin (or other virtual currency) mining pool, Trend Micro says.
In one example, as of mid-February, the tactic allowed a malware writer to collect thousands of Dogecoins. He then switched mining pools where he's been cashing in Bitcoins on a regular basis. According to Trend Micro, that particular instance involved a booby-trapped app found from a third-party app source, but researchers have noticed the same behavior in apps currently available in Google Play -- specifically, Songs and Prized - Real Rewards & Prices.
"These apps have been downloaded by millions of users, which means that there may be many Android devices out there being used to mine cryptocurreny for cybercriminals," Trend Micro says. "We detect this new malware family as ANDROIDOS_KAGECOIN.HBTB."
There are signs that your device could be infected. Some things to look for include degraded performance, running hot, charging slowly, and faster than usual battery drains.
