Yesterday, the security research firm Trend Micro revealed that malicious code that mines cryptocurrency has been found in Android applications. These appear to be compromised applications where a specific exploit was available to the hackers.

Like other cryptocurrency mining malware, the script tries to hijack the device so that it can use the CPU to crunch numbers and mine the cryptocurrency. The exploit makes use of JavaScript loading with native code injection, which allowed it to avoid the malware scanners at Google Play.

Similar Scripts

These mining scripts run as a background process once the code has been executed and are linked to two mining scripts called “ANDROIDOS_CPUMINER” and “ANDROIDOS_JSMINER”. This code has been developed by Coinhive, which was also responsible for the browser mining JavaScript code that we have reported on previously.

The code was initially released as an interesting way for webmasters to mine cryptocurrency while users visit websites (in place of traditional advertising). However, this has been exploited by a number of hackers who have managed to insert the script into vulnerable websites, thereby making the website an unwitting agent in the experiment.

The apps that were on the app store were legitimate apps. One was a free prayer app whereas the other was a discount and coupon scanning application. The researchers were able to identify at least 25 applications that had been compromised with the code inserted into them. These apps included mining libraries as well as malicious code.

They advised users of Android devices to keep an eye on the CPU usage on their devices. Elevated CPU usage is usually a sign that something is running in the background and using your device without your knowledge. The researchers also stated that:

“these threats highlight how even mobile devices can be used for cryptocurrency mining activities, even if, in practice, the effort results in an insignificant amount of profit.”

After they had discovered the exploits, they contacted Google to let them know of the compromised applications. Although Google did remove these particular applications, there is still a concern that many others are lurking out there. Moreover, if these managed to avoid Google's screening, then there may be many more out there.

The Danger of Mobile Apps

Although this is the first report of hackers using compromised applications to mine cryptocurrencies on your phone, we have seen apps being used for phishing scams. Last week, it was reported that the Google Play store had fake Poloniex applications on it. These were disguised as official applications and stole user login credentials for the exchange.

If these disclosures show one thing, it is that hackers and “mineware” are finding ways to take advantage of you through the applications that you download. Be careful what you install and always make sure they are clean and authentic.


Posted by Editorial Team
