Security researchers recently discovered a covert mining script implemented in several Android-specific apps found on the Google Play Store. According to researchers, the mining script hijacks the victim’s computer processing power to mine cryptocurrencies such as Monero or Zcash.
The mining script was discovered by researchers from the security firm, Trend Micro Inc.
In this instance, hackers used similar attack methods as the more traditional attacks; they hid their mining scripts in seemingly legitimate apps. Some apps infected include a wallpaper app, a wireless safety tool, and an app called “Recitiamo Santo Rosario Free.”
According to the researchers, this latest mining script attack proved that even smartphones could be used to run mining scripts without the user’s knowledge. However, they noted that the hackers are likely to gain minimal profit from this campaign. Also, the researchers cautioned users to watch out for a device slow down after installing a specific app.
Since their discovery, the infected apps have been discontinued from the Google Play Store. However, many researchers pointed out the alarming fact that these apps were able to bypass any detection or trigger any security alerts from either Google or the users themselves. So far, it is still unknown how the apps managed to avoid detection.
Some experts seem to think that the mining scripts were implemented only after the apps were added to the Google Play Store. However, this suggestion is also alarming, as it suggests that there is a lack of routine security checks on the part of Google.