Cryptojacking Software Discovered on 25 Apps in Google Play Store
25 apps which covertly mine cryptocurrencies were discovered on the Google Play Store, per a new report from cybersecurity company Sophos. Some of the apps are still available, an embarrassment for Google, as it had banned cryptojacking apps back in July.
Subscribe to the Bitsonline YouTube channel for great videos featuring industry insiders & experts
Apps Mostly Mining Monero
The report, released on September 24th, comes from SophosLabs, the research wing of U.K.-based Sophos. It describes how 11 of the 25 affected apps disguise themselves as educational apps for standardized test preparations.
They were published by a developer account named Gadgetium, while the rest are either game or utility apps. In total, the apps have been downloaded more than 120,000 times.
Both Coinhive and XMRig are designed to use the CPU of mobile devices to do their mining calculations, which works well with Monero, as its proof-of-work algorithm was changed in April to be ASIC-resistant. Monero is also a popular choice for cryptojacking because it has built-in privacy protections that hide the identities of the parties doing the mining.
The apps in question were careful to use only a small percentage of processing power in order to avoid detection by users and reduce battery drain and device overheating. Prior cryptojacking malware, such as Loapi, failed to take this into account and researchers from Kaspersky Lab found that it damaged the battery of infected devices.
Apps in Question Officially Banned From Google Play Store
In July, Google banned apps which used the processing power of mobile devices to mine cryptocurrencies, though apps which allow for the management of cloud-based mining are still allowed. SophosLabs said they notified Google about these apps back in August, but some of them continue to be available in the Google Play Store.
Google had previously cracked down on Chrome browser extensions which allowed for cryptojacking in April, after discovering that more than 90 percent of such extensions failed to request the consent of users.
A Rash of Cryptojacking in Recent Years
A recent report by the Cyber Threat Alliance (CTA), which Sophos contributed to, examined the cryptojacking phenomenon. It noted that cryptojacking had increased by 459 percent since last year. One of the most high-profile incidents of cryptojacking occurred in September of 2017 when torrent index site The Pirate Bay was discovered to have been using the processing power of visitors to its site to mine Monero.
Since then, hackers have become creative in their attempts to spread cryptojacking malware across the internet. In August, researchers discovered a browser-based cryptojacking script propagated through RawGit, a content-delivery network for GitHub files. And in July, Abstractism, a game distributed on the Steam platform, was removed from Steam after it was found to have been used to mine, once again, Monero.
Have your say. Is Google doing enough to prevent apps that host cryptojacking malware from being available on its app store?
Images via SophosLabs, Pixabay