Security researchers recently discovered a covert mining script embedded in several Android apps on the Google Play Store. According to the researchers, the script hijacks the processing power of the victim's device to mine cryptocurrencies such as Monero or Zcash.

The mining script was discovered by researchers from the security firm Trend Micro Inc.

The JavaScript mining code runs within the app's WebView, but the user cannot see it because the WebView is set to run in invisible mode by default. While the malicious JavaScript code is running, CPU usage is exceptionally high.

The researchers explained the mining script in detail in a post on the firm's blog. In the post, they confirmed that they had found several apps on the Google Play Store that executed malicious mining code. All of the apps managed to bypass detection by implementing a JavaScript native code injection. Unsurprisingly, the code the apps executed was the same as the code created by the controversial Coinhive. Since the start of Coinhive, thousands of websites have used its code to generate funds, and the affected users are estimated to be above 500 million.
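A static triage check for the pattern described above, as an added example that is not code from Trend Micro or from the original article: it looks inside an APK archive for Coinhive loader strings in the files a WebView would load. The marker names are assumed from Coinhive's public JavaScript library, and the sample archive is constructed for the demonstration.

```python
import io
import re
import zipfile

# Markers of the public Coinhive JavaScript miner (assumed from the library's
# public API; the article itself does not list them).
MARKERS = [
    re.compile(rb"coinhive(\.min)?\.js", re.I),
    re.compile(rb"CoinHive\.(Anonymous|User|Token)\s*\("),
]
# Entry types where WebView-loaded script, or a string that loads it, can live.
SCAN_SUFFIXES = (".js", ".html", ".htm", ".dex")


def scan_apk(apk_bytes):
    """Return sorted (entry name, matched marker) hits found inside an APK."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if not info.filename.lower().endswith(SCAN_SUFFIXES):
                continue
            data = apk.read(info)
            for marker in MARKERS:
                match = marker.search(data)
                if match:
                    hits.add((info.filename,
                              match.group(0).decode("ascii", "replace")))
    return sorted(hits)


def build_sample_apk(with_miner):
    """Constructed sample archive standing in for an APK (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("AndroidManifest.xml", "<manifest/>")
        archive.writestr("assets/index.html", "<html><body>wallpapers</body></html>")
        if with_miner:
            archive.writestr(
                "assets/engine.html",
                '<script src="coinhive.min.js"></script>'
                '<script>new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER");</script>',
            )
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("clean", False), ("infected", True)):
        print(label, scan_apk(build_sample_apk(flag)))
```

String matching of this kind misses scripts that are obfuscated or fetched after installation, so it complements rather than replaces the runtime signal the researchers point to: sustained high CPU usage from an app with no visible activity.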

In this instance, the hackers used methods similar to those of more traditional attacks: they hid their mining scripts in seemingly legitimate apps. Infected apps include a wallpaper app, a wireless safety tool, and an app called “Recitiamo Santo Rosario Free.”


According to the researchers, this latest mining script attack proved that even smartphones can be used to run mining scripts without the user’s knowledge. However, they noted that the hackers are likely to gain minimal profit from this campaign. The researchers also cautioned users to watch out for a device slowdown after installing a specific app.

Since their discovery, the infected apps have been removed from the Google Play Store. However, many researchers pointed out the alarming fact that these apps were able to bypass detection without triggering any security alerts from either Google or the users themselves. So far, it is still unknown how the apps managed to avoid detection.

Some experts think that the mining scripts were implemented only after the apps were added to the Google Play Store. However, this possibility is also alarming, as it suggests a lack of routine security checks on the part of Google.
