Monero [XMR] mining through hidden miners – Another android malware

Abhishek Anil


In February this year, cyber security firm Sophos discovered 19 Android apps circulating in the Google Play Store that load an instance of the Coinhive script without the user’s knowledge. The attackers’ strategy relies on subterfuge: the malware poses as antivirus or adult content apps and then downloads and installs modules.

These apps download and install several modules that perform different actions, ranging from stealing SMS messages to creating a proxy and mining Monero [XMR]. The strain on the CPU slows the phone down and heats it up.

Similarly, security firm Trend Micro has discovered HiddenMiner, a piece of Android malware. The name comes from its ability to prevent itself from being discovered and removed. The malware is built to mine Monero.

A Twitter user commented:

“Hackers have become so sly that they have started hiding Monero cryptominers in a picture of Scarlett Johansson!”

These apps abuse device administrator features to remain hidden and run in the background until the device runs out of power or fails due to overheating. The malware retains administrator privileges by locking the device’s screen using a flaw in the Android operating system.

The researchers also found mining pools and wallets linked to the malware; one of the pool operators withdrew an amount close to $5,000, which is almost 26 XMR.

Lorin Wu, a mobile threats analyst with Trend Micro, wrote:

“This is similar to the Loapi Monero-mining Android malware, which other security researchers observed to have caused a device’s battery to bloat. In fact, Loapi’s technique of locking the screen after revoking device administration permissions is analogous to HiddenMiner’s”

A security researcher who goes by the name Elliott commented:

“I don’t think these apps are the original apps. The ‘hacker’ modified it and repacked it and after that, he uses multiple dropper apps to distribute these modified apps. Only the package name and the app name have been changed and I just dug up more and in fact, this is the same app 291 times which means there are 291 applications with different icons and names.”

The emergence of apps such as Coinminer and Loapi has ushered in a new era of cryptocurrency hacking. To prevent their phones from being used for unauthorized mining, Android users should refrain from installing APKs from unauthorized sources and rely on verified apps from the Google Play Store and other legitimate businesses.

