According to Trend Micro research, Android Monero mining malware appeared last week disguised as a legitimate Google Play update app. However, security experts note that AndroidOS_HiddenMiner is not the only Monero mining malware attacking Android devices, and it is unlikely to be the last.
According to Qihoo 360 Netlab, in early February the botnet ADB.Miner distributed its Monero mining malware targeting Android devices. And late last year, Trojan.AndroidOS.Loapi could also mine the Monero cryptocurrency on Android devices as one of its many malicious features, Kaspersky Lab reported.
When it comes to cryptocurrencies, Monero can be mined and turned into cash without being tracked, and attackers can even steal processing power from devices as small as smartphones to do so, which is why bad actors prefer it to the original cryptocurrency, Tyler Moffitt, a Webroot threat research analyst, told Security Now.
“Monero’s blockchain transaction ledger is private and untraceable. Bitcoin’s blockchain and the blockchains of most other cryptocurrencies are public and you can view any and all transactions on the blockchain. Essentially, this allows someone to trace Bitcoin back to the exchange's address where it was converted into fiat currency, such as the US dollar,” Moffitt explained.
He added that unlike Bitcoin, Monero does not require expensive, high-performance ASIC chips to mine. This allows miners and cybercriminals to mine Monero using consumer graphics processing units (GPUs) and central processing units (CPUs).
HiddenMiner, the new Android malware discovered by Trend Micro, uses the CPU power of the victim's device. HiddenMiner was found in third-party app stores and is affecting users in China and India, but Trend Micro researchers point out in a report that it would not be surprising if it spread beyond those two countries.
How cryptomining software gets onto your smartphone
Andrew Bleich, senior security researcher at Lookout, told Security Now that there are two main ways attackers load cryptocurrency mining software onto mobile phones.
First, a user visits a website that contains cryptomining code in its JavaScript, similar to what Coinhive enables.
“This cryptomining code can be distributed through websites and advertisements displayed on websites, so this technique is one of the most common techniques seen both on and off mobile,” Bleich said. “This is delivered through a small piece of JavaScript code that runs automatically in browsers that do not have JavaScript disabled.”
Moffitt says streaming video services, which offer a “free” way to stream movies, TV shows, and especially adult entertainment content, on devices such as smartphones are ripe for cryptocurrency mining attacks. As long as a user is connected to a particular website that is streaming content or other forms of content, attackers can mine cryptocurrencies.
Bleich noted that another common way for attackers to mine cryptocurrencies on a user's phone is when the user installs or downloads an app that contains cryptomining code.
“We are starting to see more reports of mobile apps containing cryptomining code,” Bleich said. “Additionally, this code can be embedded in the same way as the first method, by loading the JavaScript code using a web view or a hidden web view. The cryptomining code does not require JavaScript to run. It can be native app code that doesn't need to be a user, but it can also be hidden from the user.”
Security experts point out that users can usually detect if a cryptocurrency miner is running on their smartphone because mining software consumes CPU power and quickly drains the battery, causing the device to heat up. Moffitt also advises users to close any open browser tabs that look suspicious or that only display ads.
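As an added example (not from the article or from Lookout), here is a minimal static check for the second delivery route described above: a Coinhive-style JavaScript miner loaded through a hidden web view. It assumes the app's layouts and assets have already been decoded to text; the `CoinHive.*` constructor names are Coinhive's public API, while the sample assets, host name and site key are constructed placeholders.

```python
import re

# Markers of a Coinhive-style in-browser miner (Coinhive's public API names).
MINER_PATTERNS = {
    "coinhive-script": re.compile(
        r"<script[^>]+src=[\"'][^\"']*coinhive[^\"']*\.js", re.I),
    "coinhive-api": re.compile(r"\bCoinHive\.(Anonymous|User|Token)\s*\(", re.I),
}
# A WebView the user never sees: hidden, or given a zero width/height.
HIDDEN_WEBVIEW = re.compile(
    r'<WebView\b[^>]*(android:visibility="(gone|invisible)"'
    r'|android:layout_(width|height)="0(dp|px)?")', re.I)

def scan_asset(name, text):
    """Return a sorted list of finding labels for one decoded asset."""
    findings = {label for label, rx in MINER_PATTERNS.items() if rx.search(text)}
    if name.endswith(".xml") and HIDDEN_WEBVIEW.search(text):
        findings.add("hidden-webview")
    return sorted(findings)

def scan_app(assets):
    """Return (per-asset report, flagged). The app is flagged only when a
    miner marker and a hidden WebView appear together in the same app."""
    report = {name: scan_asset(name, text) for name, text in assets.items()}
    labels = {f for found in report.values() for f in found}
    has_miner = bool(labels & set(MINER_PATTERNS))
    return report, has_miner and "hidden-webview" in labels

# Constructed sample: decoded layout plus bundled HTML (placeholder host/key).
SAMPLE_ASSETS = {
    "res/layout/main.xml": '<LinearLayout>\n <WebView android:id="@+id/w"\n'
        '  android:visibility="gone"\n  android:layout_width="1dp"/>\n'
        '</LinearLayout>',
    "assets/engine.html": '<html><script '
        'src="https://miner.example/lib/coinhive.min.js"></script>\n'
        '<script>var m = new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER");'
        ' m.start();</script></html>',
    "assets/help.html": "<html><body>How to use this app</body></html>",
}

if __name__ == "__main__":
    report, flagged = scan_app(SAMPLE_ASSETS)
    for name, found in report.items():
        print(name, found)
    print("flagged:", flagged)
```

A match is a reason to inspect the app, not proof of mining; as the article notes, miners can also ship as native app code, which this check does not cover.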
Growth rate of malicious cryptocurrency miners on smartphones
Security experts say there are currently no hard statistics on the number of malicious cryptocurrency-mining malware attacks on smartphones, but they note that the trend appears to be on the rise.
“Over the past few months, more security research continues to be published that identifies cryptocurrency mining malware on devices more than any other type of malware,” Bleich said. “In fact, thanks to facilitation services like Coinhive, the ability to inject cryptomining code into apps is much easier than it was a few years ago, so we expect this type of activity to continue to increase as long as it turns out to be beneficial to the attacker.”
— Dawn Kawamoto is an award-winning technology and business journalist whose work has appeared on CNET's News.com, Dark Reading, TheStreet.com, AOL's DailyFinance, and The Motley Fool.