Cybercriminals keen to profit from cryptocurrency are increasingly attempting to infect mobile devices with cryptocurrency-mining malware, and they are even using the official Android app store to do so.
Researchers at Kaspersky Lab have found multiple malicious cryptocurrency-mining applications distributed through the Google Play store, with miners impersonating games, sports streaming applications, and VPNs. Some of them have been downloaded over 100,000 times.
Although these applications appear to provide legitimate functionality, their true purpose is to secretly use the device's CPU power to mine the cryptocurrency Monero.
Illicit cryptocurrency mining has become increasingly popular this year. Although mobile devices have much less processing power than personal computers, there are billions of smartphones worldwide, making them easy targets for attackers. This is especially true considering how easy it is for users to install applications.
Roman Unuchek, a security researcher at Kaspersky Lab, said: "Cybercriminals are hoping to make up for the shortcomings of poor smartphone performance and easy detection of mobile mining machines through the large number and high infectivity of handheld devices."
Researchers have found that the most common mining applications are related to football, and a Portuguese game streaming application is one of the most commonly downloaded. This application delivers its advertised function, allowing users to watch live football matches, while also discreetly mining in the background.
A common strategy for attackers is to hide the Coinhive JavaScript miner in malicious applications. When the user starts the broadcast, the application opens an HTML file with the embedded JavaScript miner, which turns the host's CPU power into a tool for mining Monero.
Researchers say that this football streaming mining application was released through Google Play and has been downloaded by over 100,000 users, most of whom are in Brazil.
Another popular method of distributing miners through seemingly legitimate applications is to embed them in applications that provide VPN connections.
Researchers have found that a cryptocurrency mining application called Vilny.net has been downloaded more than 50,000 times, mainly in Ukraine and Russia.
Vilny's developers have customized this application to monitor the battery level and temperature of the device, allowing attackers to control CPU usage and avoid the high temperatures associated with high battery usage, so that users do not notice any suspicious activity and connect it to the application.
Other applications are less advanced, simply impersonating games and other popular programs while secretly mining cryptocurrency. Some of them also deceive users twice by displaying advertisements to them until they click, providing attackers with another source of revenue.
These simple cryptocurrency mining games are mostly distributed through third-party websites, although one game, called Zombie Fun, was discovered in the Play Store.
All of this indicates that the threat actors behind malicious mining applications are refining their techniques to deceive people into obtaining cryptocurrency for them.
"The authors of malicious miners are expanding their resources and developing their strategies and methods to perform more effective cryptocurrency mining," Unuchek said.
They are currently using legitimate themed applications with mining capabilities to satisfy their greed. Therefore, they can exploit each user twice: first through advertising display, and second through discreet cryptocurrency mining.