This article is more than 1 year old

Cryptocurrency-crafting creeps crept crafty code into Google App Store

Chocolate Factory's anti-malware protections fail yet again

Android apps secretly harboring cryptocurrency-mining code have managed to make their way onto the shelves in the official Google Play Store.

Researchers at Trend Micro found three programs available for download in the application souk that were surreptitiously using the spare CPU cycles on people's smartphones to mine Monero, using code built by – you guessed it – Coin Hive. The mining apps were variously disguised as a wallpaper collection, a wireless safety app, and software to help Catholics with rosary prayers.

Essentially, the software would appear to do one very simple thing while sneakily using your hardware and battery power to mine XMR coins for its masters.

"These threats highlight how even mobile devices can be used for cryptocurrency mining activities, even if, in practice, the effort results in an insignificant amount of profit," the researchers stated today. "Users should take note of any performance degradation on their devices after installing an app."

While the apps have now been removed, after Trend alerted Google, the software slipped past the ad giant's malware checking systems by using an old trick. While the apps appeared benign once they were installed, they immediately contacted a remote server, and downloaded and ran the stealth mining code.

Coin Hive, which was hacked last week, is no longer developing the version of its JavaScript code that harvests cryptocurrency on devices without warning users – and is instead focused on a more legitimate engine that alerts people when their hardware is being used for mining. But that hasn't stopped the unscrupulous from still using the stealthy build, whether it's in 500 hacked WordPress blogs or Chrome extensions.

Although Monero is a new and lightweight flavor of cyber-cash, and is ideal for mining on commodity desktop computers whereas the much more famous Bitcoin requires powerful dedicated number crunchers these days, mobile phones are a lousy way to produce XMR. Although handheld CPUs are pretty beefy these days, the drain on battery life makes it likely users will spot something is up and throw out the intensive apps. Trend estimates that the dodgy apps made just $170 before they were yanked from the store by Google.

Nevertheless, this should be something that Google is picking up on when it accepts apps in its official code bazaar. You expect unofficial app marketplaces to be riddled with malware but if Google can't keep its own house in order then what are Android users left with, other than considering iOS? ®
