Beware Of Cryptojacking Malware In Sideloading Android Apps
Security and privacy are the two foundations of Google’s persistent promotion of the Play Store as the source for Android apps. Google checks apps published in the Play Store with its Google Play Protect technology, which closely resembles an antivirus system built for Android. People who get their Android apps from third-party sources, especially unknown websites, expose themselves and their devices to huge risks.
The latest issue with the insecurity of third-party app stores is the existence of trojan horse apps. These apps continue to function as advertised but hide nasty functionality, such as stealing personal information and/or infecting the device with malware. “Recently, we have discovered that a version of the popular game Bug Smasher, installed from Google Play between one and five million times, has been secretly mining the cryptocurrency Monero on users’ devices. On Android devices, the computational load can even lead to ‘bloating’ of the battery and thus to physical damage to, or destruction of the device,” claimed a representative of Eset, a mainstream antivirus firm.
The processing capability of a mobile SoC (system-on-a-chip) in a smartphone or tablet is weaker than that of a traditional laptop or desktop PC, so the virus authors who develop cryptocurrency mining malware depend heavily on the volume of infected devices. The more devices they infect, the higher their chances of resolving complex crypto hashes. Instead of mining cryptocurrencies with traditional ASIC (Application-Specific Integrated Circuit) machines, virus authors take advantage of CPU cycles stolen from other people's computing devices. This greatly lessens the financial overhead of setting up a cryptominer, as pooled stolen CPU cycles can perform hashes comparable to the performance of an expensive ASIC machine.
Cryptojacking on mobile smart devices is the newest lucrative endeavor for cybercriminals, as people tend to look for cheaper alternatives to source their apps. Those who download apps from non-official sources are the easiest to target. The Monero cryptojacking malware reported by Eset is more profitable for the cybercriminals because Monero is easier to mine: it is not yet saturated compared to Bitcoin, which is harder to mine these days.
To minimize the chance of getting infected by cryptojacking malware, follow this advice:
- Aside from the Google Play Store, the only two stores that can safely be used as a source of Android apps are F-Droid and the Amazon Appstore. Stay away from other sources, especially .apk files downloaded randomly from the web.
- There are no visible signs or symptoms that a mobile device is infected by cryptojacking malware, but the malware requires the device to be unlocked and connected to Wi-Fi/data to do its job. Only turn on Wi-Fi or data when needed; this renders the cryptojacking malware unable to do its job and reach its goal of mining crypto coins.
- Never visit website links received in a suspicious email message. Modern cryptocurrency mining malware can perform mining through a web browser.
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.