[German]Avast security researchers have discovered two new crypto-mining apps in the Google Play Store that secretly mining Monero crypto currency on aa infected smartphone.
According to this blog post, security experts from AVAST discovered a strain of malware known as JSMiner in Google Play in November 2017. It was the Cooee gaming app, where monero cryptomining capabilities have been discovered. At the time of discovery, Avast predicted an increase in mobile mining malware as attackers shift their attention from the PC to the mobile phone.
Last week, Avast identified two more crypto-mining applications in Google Play: SP Browser and Mr. MineRusher with a combined subscriber base of thousands. According to Avast, the mobile mining process starts as soon as a user downloads and opens the application.
This does not require any user action, such as clicking a button to execute the miner. Instead, it automatically connects to apptrackers.org, which hosts the CoinHive Java Script Miner for the crypto currency Monero.
Once the connection to the domain is established, the digging of crypto money begins. However, this happens secretly in the background when the screen is turned off and the device is using data or connected to Wi-Fi. This tactic adds another layer of disguise to an already imperceptible attack. More details can be found in this blog post.