Cryptocurrencies are becoming very popular these days, there are several legal apps available on both Google Play and Apple App Store which allow users to manage their cryptocurrency accounts from their mobile. A recent research report published by Trend Micro Inc. found hidden code for cryptomining in several Android apps which are listed on Google Play.
Source: Trend Micro
In the past a similar malicious code was used by hackers who hijacked a code developed by Coin Hive to infect thousands of website which affected approximately 500 million users. The same code has been used to infect these apps. The researchers found that the culprits used hidden cryptomining script in such a manner that the apps seems to be legitimate.
The infected apps have diverse purposes which include wireless safety app, wallpapers and even an app “Recitiamo Santo Rosario Free” which is used for Holy Rosary prayers by Catholics. According to Trend Micro “These threats highlight how even mobile devices can be used for cryptocurrency mining activities”. They suggest that “Users should take note of any performance degradation on their devices after installing an app.”
Google has responded promptly and removed the infected apps from Google Play but this raises the question how these apps managed to be listed in the first place. Google needs to scan listed apps on a regular basis to detect apps which are infected with malicious code.