Trend Micro, the antivirus cloud computing security and internet content security software provider, who detected the apps infecting the Play Store, found them to be ANDROIDOS_JSMINER and ANDROIDOS_CPUMINER.
“As cryptocurrencies have grown in popularity and value, cryptocurrency mining has turned into a lucrative business,” said Chris Olson, CEO of web monitoring firm The Media Trust. “However, it’s also a resource-intensive business that drives the enslaving of hundreds or thousands of devices to access their computing power.”
These are the Android apps that pretends to be legitimate and adds mining libraries which are further repackaged and distributed. A car wallpapers app called “Car Wallpaper HD: mercedes, ferrari, bmw and audi” contained the CPUMINER malwares. This app deployed the CPUMINER libraries, and mined several cryptocurrencies.
With the mainstream internet access to every mobile, a lot of users download the apps without knowing who their manufacturers are, the encryption they provide, and other information, which becomes a cause for disasters.
Not only the apps in the Google Play Store, websites are also being attacked by the CoinHive miners. The security firm Sucuri in their blog last week, estimated that the cryptocurrency miners were injected in over 500 WordPress websites. The volumes of attack have been unsophisticated and very low so far. Other web platforms like Magento, Joomla, and Drupal were also found to be the victims of this attack at some point of time and these attacks seem to be a new rising trend among hackers now.
Recently, a security bug called KRACK was found in the WPA2 protocol, which enabled the attacker to intercept credit card numbers, passwords, photos, and other sensible information.
Google has already removed all these apps from the Play Store. Though it is still not clear how many downloads each app received and how much money the attackers made.