Chocolate Factory’s anti-malware protections fail yet again

Android apps secretly harboring cryptocurrency-mining code have managed to make their way onto the shelves in the official Google Play Store.

Researchers at Trend Micro found three programs available for download in the application souk that were surreptitiously using the spare CPU cycles on people’s smartphones to mine Monero, using code built by – you guessed it – Coin Hive. The mining apps were variously disguised as a wallpaper collection, a wireless safety app, and software to help Catholics with rosary prayers.

Essentially, the software would appear to do one very simple thing while sneakily using your hardware and battery power to mine XMR coins for its masters.

“These threats highlight how even mobile devices can be used for cryptocurrency mining activities, even if, in practice, the effort results in an insignificant amount of profit,” the researchers stated today. “Users should take note of any performance degradation on their devices after installing an app.”

While the apps have now been removed, after Trend alerted Google, the software slipped past the ad giant’s malware checking systems by using an old trick. While the apps appeared benign once they were installed, they immediately contacted a remote server, and downloaded and ran the stealth mining code.

Coin Hive, which was hacked last week, is no longer developing the version of its JavaScript code that harvests cryptocurrency on devices without warning users – and is instead focused on a more legitimate engine that alerts people when their hardware is being used for mining. But that hasn’t stopped the unscrupulous from still using the stealthy build.

Although Monero is a new and lightweight flavor of cyber-cash, and is ideal for mining on commodity desktop computers whereas the much more famous Bitcoin requires powerful dedicated number crunchers these days, mobile phones are a lousy way to produce XMR. Although handheld CPUs are pretty beefy these days, the drain on battery life makes it likely users will spot something is up and throw out the intensive apps. Trend estimates that the dodgy apps made just $170 before they were yanked from the store by Google.

Nevertheless, this should be something that Google is picking up on when it accepts apps in its official code bazaar. You expect unofficial app marketplaces to be riddled with malware but if Google can’t keep its own house in order then what are Android users left with, other than considering iOS? ®

Sponsored: The Joy and Pain of Buying IT – Have Your Say

Let’s block ads! (Why?)

Source link

Load More By admin
Load More In Apps & Software

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

The new Audi Q5 is one of the most high-tech cars you can buy — these are its best features

Kelley Blue Book gave the Audi Q5 a rating of 9.6 out of 10.Audi Kelley Blue Book gave the…