According to TrendLabs researchers, a new Android malware family (detected as ANDROIDOS_KAGECOIN.HBT) has cryptocurrency mining capabilities. They found that the malware is involved in mining various digital currencies, including Bitcoin, Litecoin, and Dogecoin.
The researchers originally found ANDROIDOS_KAGECOIN as repacked copies of popular apps such as Football Manager Handheld and TuneIn Radio.
The apps were injected with the CPU mining code from a legitimate Android cryptocurrency mining app; this code is based on the well-known cpuminer software.
The miner is started as a background service once it detects that the affected device is connected to the Internet. It launches the CPU miner to connect to a dynamic domain, which then redirects to an anonymous Dogecoin mining pool.
The malware is configured to download a file, which contains the information necessary to update the configuration of the miner. This configuration file was updated, and it now connects to the well-known WafflePool mining pool. The Bitcoins mined have been paid out several times.
These coin-mining apps were found outside of the Google Play store, but the researchers found the same behavior in apps inside the Google Play store.
These apps have been downloaded by millions of users, which means that there may be many Android devices out there being used to mine cryptocurrency for cybercriminals. We detect this new malware family as ANDROIDOS_KAGECOIN.HBTB.
Analyzing the code of these apps reveals the cryptocurrency mining code inside. Unlike the other malicious apps, in these cases the mining only occurs when the device is charging, as the increased energy usage won’t be noticed as much.
Users may not know that their devices may potentially be used as mining devices due to the murky language and vague terminology.
Clever as the attack is, whoever carried it out may not have thought things through. Phones do not have sufficient performance to serve as effective miners. Users will also quickly notice the odd behavior of the miners – slow charging and excessively hot phones will all be seen, making the miner’s presence not particularly stealthy. Yes, they can gain money this way, but at a glacial pace.
Users with phones and tablets that are suddenly charging slowly, running hot, or quickly running out of batteries may want to consider if they have been exposed to this or similar threats. Also, just because an app has been downloaded from an app store – even Google Play – does not mean it is safe.
They have already informed the Google Play security team about this issue.
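The behavior described above (injected cpuminer-based code, a service started once the device is online, mining while charging) lends itself to a quick static triage of a suspect APK. The following is an added example, not code from the researchers: the marker strings, the trigger actions and the sample APK are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed heuristics, not indicators from the report: strings commonly
# present in cpuminer-style Stratum clients, and the broadcast actions that
# match the triggers described above (network available, device charging).
MINER_MARKERS = (b"stratum+tcp://", b"mining.subscribe", b"cpuminer")
TRIGGER_ACTIONS = (
    "android.net.conn.CONNECTIVITY_CHANGE",
    "android.intent.action.ACTION_POWER_CONNECTED",
)

def _in_manifest(data, text):
    # Compiled AndroidManifest.xml stores its string pool as UTF-16LE or UTF-8.
    return text.encode("utf-16-le") in data or text.encode("utf-8") in data

def triage_apk(apk_bytes):
    """Return miner strings and trigger actions found in an APK (a ZIP)."""
    markers, triggers = [], []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            data = apk.read(name)
            if name == "AndroidManifest.xml":
                triggers = [a for a in TRIGGER_ACTIONS if _in_manifest(data, a)]
            elif name.endswith((".dex", ".so")):
                markers += [(name, m.decode()) for m in MINER_MARKERS if m in data]
    return {"markers": markers, "triggers": triggers,
            "suspicious": bool(markers and triggers)}

def build_sample_apk(repacked):
    """Constructed stand-in for an APK; file names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        manifest = b"\x03\x00\x08\x00" + "android.intent.action.MAIN".encode("utf-16-le")
        dex = b"dex\n035\x00" + b"Lcom/example/game/MainActivity;"
        if repacked:
            manifest += TRIGGER_ACTIONS[0].encode("utf-16-le")
            z.writestr("lib/armeabi/libexample.so",
                       b"\x7fELF" + b"\x00stratum+tcp://pool.example.invalid:3333\x00")
            dex += b"\x00mining.subscribe"
        z.writestr("AndroidManifest.xml", manifest)
        z.writestr("classes.dex", dex)
    return buf.getvalue()

if __name__ == "__main__":
    for label, flag in (("clean", False), ("repacked", True)):
        print(label, triage_apk(build_sample_apk(flag)))
```

A hit only means the app deserves a closer look: a legitimate mining app contains the same strings, so the signal is strongest when they appear in a game or radio app that has no reason to carry them.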