Avast security researchers have discovered two new crypto-mining apps on the Google Play Store that secretly dig on the Monero smartphone. Here are some hints.
According to this blog post, security experts from AVAST, detected a strain of malware, known as JSMiner, in November 2017in Google Play. The Monero cryptomining capabilities were discovered inside the gaming application Cooee. At the time of discovery, Avast forecasted a rise in mobile mining malware as attackers shift their attention from PC to mobile.
Last week, Avast identified two more cryptomining apps in Google Play: SP Browser and Mr. MineRusher with a combined subscriber base in the thousands. According to Avast, the mobile mining process begins once a user downloads the application and opens it.
It doesn’t require user action such as a click of a button to execute. Instead, an automatic connection is made with the website apptrackers.org where the CoinHive Java Script miner for the Monero cryptocurrency is hosted. Once the connection to the domain is made, the mining initiates. However, it does this surreptitiously in the background when the screen is switched off and the device is using data or connected to Wi-Fi. This tactic adds another layer of obscurity to an already imperceptible attack. Further details may be read here.