Android is the most spread mobile operating system in the world, and it seems that the number of malware targeting its users is increasing as well.Recently, a new Android malware family has been found out there, featuring cryptocurrency mining capabilities, and called ANDROIDOS_KAGECOIN.HBT.
According to a post on the trendmicro blog, the malware was designed to mine for various digital currencies, such as Bitcoin, Litecoin, and Dogecoin.
The presence of this malware on devices affects users’ experience in a variety of ways, as it shortens the battery life of the smartphone/tablet and also constantly eats resources. The overall life span of the device is also impacted.
Said malicious code has been discovered in repacked copies of various popular applications in the Google Play Store, including Football Manager Handheld and TuneIn Radio.
“The apps were injected with the CPU mining code from a legitimate Android cryptocurrency mining app; this code is based on the well-known cpuminer software,” said blog post unveils.
On the device, the miner starts as a background service, as soon as it detects an internet connection. It has been designed to launch the CPU miner that connects to a dynamic domain, which redirects it to an anonymous Dogecoin mining pool.
Apparently, the network of mobile miners managed to produce thousands of Dogecoins by February 17, when cybercriminal changed mining pools.
Trendmicro also explains that the malware has been built to download a file that includes all of the necessary info to update the miner’s configuration. Apparently, this file has been modified and is now connecting devices to the WafflePool mining pool.
One thing that users should be aware of is that, although the coin-mining apps presented above were discovered outside the Google Play Store, software that shows similar behavior was spotted in the portal too.
These applications already feature millions of downloads, which suggests that a great deal of Android devices out there are currently being used for cryptocurrency mining by cybercriminals.
“Analyzing the code of these apps reveal the cryptocurrency mining code inside. Unlike the other malicious apps, in these cases the mining only occurs when the device is charging, as the increased energy usage won’t be noticed as much,” the blog post reveals.
However, it seems that the setup might not be as effective as one might believe, due to the fact that phones do not have too much performance capabilities when used as miners, and that users are also bound to observe suspicious behavior.
For example, the battery drains faster than usual, and handsets remain excessively hot when they shouldn’t. Slow charging times can also be observed in some cases, which will expose the presence of a miner.
Those of you who see that their devices are behaving as mentioned above might want to consider the possibility that they were exposed to the threat. The Google Play security team has been reportedly informed on the issue.