TrendMicro researchers have detected these apps as Androidos_JSMiner and Androidos_CPUminer.
These are not the first cases of cryptocurrency miners targeting mobile devices and app stores. A previous such finding is a piece of miner detected in 2014, designed to mine Dogecoins and Litecoins for Bitcoin payout. The malware was dubbed Androidos_Kagecoin.
Androidos_JSMiner: A Closer Look
Two apps were discovered – one supposedly helps users pray the rosary, while the other provides various discounts, researchers explain.
If you have this miner running on your device, you would notice that the CPU usage is extremely high.
Androidos_CPUMiner: A Closer Look
These apps exploit legitimate versions of apps by adding mining libraries to them. The legitimate apps are then repackaged and distributed to users.
Researchers were able to outline one version of this malware found in Google Play, disguised as a wallpaper application.
The mining code is most likely a modified version of the legitimate cpuminer library. The legitimate version is only up to 2.5.0, whereas this malicious version uses 2.5.1, researchers point out.
The mining code fetches a configuration file from the cybercriminal’s own server (which uses a dynamic DNS service) that provides information on its mining pool via the Stratum mining protocol.
The research team has identified 25 samples of Androidos_CPUMiner.
In conclusion, such malware samples showcase how mobile devices can also be exploited for cryptocurrency mining goals, despite the insufficient profit of mobile mining.
Also, Android users should pay close attention to installed apps, especially in case of degradation on their devices after installing an app.
The apps mentioned in this article are no longer available on Google Play but they may quickly be replaced with other apps. So be on the lookout!