Trend Micro researchers have discovered that there are some applications with malicious cryptocurrency mining abilities on Google Play. These apps used dynamic JavaScript loading and native code injection to evade detection. They identified these apps as ANDROIDOS_JSMINER and ANDROIDOS_CPUMINER.
Two apps have been discovered; one seemingly helps users pray the rosary, while the other app gives discounts of various kinds. Both apps are now removed from the official Play Store, and are named “Recitiamo Santo Rosario Free” and “SafetyNet Wireless App.” The two applications use a copy of the Coinhive miner inside a hidden WebView browser.
According to TrendMicro:
“Both of these samples do the same thing once they are started: they will load the JavaScript library code from Coinhive and start mining with the attacker’s own site key. This JavaScript code runs within the app’s webview, but this is not visible to the user because the webview is set to run in invisible mode by default.”
The main issue here is that these applications do not request permission to do so, and cryptocurrency mining operation will definitely lead to the device overheating, a shortened battery life, reduced performance, and a common wear and tear on the device’s physical state.
In fact, these threats show us how even mobile devices can be targeted for cryptocurrency mining activities.
