Skip to content

Kaspersky Finds Crypto Miners in Android Apps Published on Google Play Store

April 7, 2018

One of the apps was downloaded over 100,000 times

Security company Kaspersky has come across several Android apps published on the Google Play Store that come bundled with cryptocurrency miners.

The Russian vendor says most of the apps were published in the sports section and offered capabilities like streaming in an attempt to hide the spike in resource usage caused by crypto mining.

A Portuguese soccer streaming app, for instance, was downloaded more than 100,000 times, Kaspersky says, and it bundled a miner that kicked in once users started streaming.
This way, the malicious code was harder to detect by users because a spike in CPU usage is expected when streaming.

The apps access the server.
This same domain is used in the developer’s email address specified in the Google Play store.
Unbeknown to visitors, the site runs a script that mines cryptocurrency
,” Kaspersky notes.

The security company says that crypto miners were bundled into many other apps, including a discount aggregator that instead of opening sites with products available at a reduced price, it actually loaded pages with cryptocurrency mining code.

Apps already removed from the Google Play store

Also interesting was an app called Crypto Mining for Children that claimed to mine crypto for charity.

The description contained no word about where or how the coins would be spent — something that any bona fide fundraising organization would publish.
What’s more, the name of the developer bore a striking resemblance to that of a well-known mobile app (a cryptocurrency wallet), but with one letter missing.
That’s a common trick used by phishers
,” the firm says.

Google has already been informed about these apps, and Kaspersky says that all them were removed based on these findings, which means users should already be secure.

Customers that installed apps like these are recommended to run security solutions that could detect crypto miners, or at least keep an eye on unusual CPU activity that could be a sign of malicious code bundled into apps.


No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: