{"id":21882,"date":"2018-04-04T06:00:16","date_gmt":"2018-04-04T10:00:16","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=21882"},"modified":"2022-10-18T08:05:13","modified_gmt":"2022-10-18T12:05:13","slug":"google-play-hidden-miners","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/google-play-hidden-miners\/21882\/","title":{"rendered":"Hidden miners on Google Play"},"content":{"rendered":"<p>When a computer shows signs of slowing down, many tend to blame viruses. But in the case of smartphones, sluggishness, overheating, or short battery life are usually put down to age. Time to buy a new one, people say. In fact, there is a chance that the problem may lie elsewhere \u2014 hidden <a target=\"_blank\" href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/mining-cryptocurrency\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" rel=\"noopener noreferrer\">mining<\/a>, to be precise.<\/p>\n<p>When it comes to mining, computing power matters. Of course, in terms of performance, mobile devices cannot hope to compete with <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/mining-easy-explanation\/17768\/\" rel=\"noopener noreferrer nofollow\">desktop computers armed with the latest graphics cards<\/a>, but in the eyes of cybercriminals, the sheer number of devices makes up for their lack of power. For those accustomed to feeding off other people\u2019s processing power, the millions of devices out there present an opportunity too juicy to ignore.<\/p>\n<p>It\u2019s actually alarmingly simple to infect a smartphone or tablet with a hidden miner. There\u2019s no need for the device owner to knowingly install a miner or download an app from a dubious source. 
Hidden miners can be picked up by downloading and running seemingly innocuous apps available on the official Google Play store.<\/p>\n<h2>Miners on Google Play<\/h2>\n<p>Typical miners pretending to be handy tools or games don\u2019t perform as described \u2014 instead, they show ads and covertly mine for cryptocurrency. But Google Play and other official stores keep out such fakes or, if they do manage to sneak in, quickly find and remove them. Therefore, malicious apps of this sort are distributed mainly through forums and nonofficial stores. The problem for cybercriminals is that too few people download anything from such resources.<\/p>\n<p>But they found a way around that particular problem: If an app actually does what is promised in its description, and the malware is neatly disguised, it may slip through. That\u2019s <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/dresscode-android-trojan\/13219\/\" rel=\"noopener noreferrer nofollow\">already happened<\/a>\u00a0\u2014 an attempt to create a smartphone-based botnet bypassed the safeguards on Google Play and a number of other app stores. Kaspersky Lab experts recently found several other specimens as well, this time with built-in miners.<\/p>\n<p>The most popular apps we found of this type were soccer-related: a family of apps with names including PlacarTV (<em>placar<\/em> means <em>score<\/em> in Portuguese), one of which had been downloaded more than 100,000 times. It contained the Coinhive miner, which mined Monero coins while users streamed games. It\u2019s a clever ruse, and not that easy to spot: Your mind is on the match, and watching videos heats up the phone and drains the battery anyway, just like the miner does, so you\u2019ll have no reason to be suspicious.<\/p>\n<p>Our experts also found a miner in a free VPN app called Vilny.net. This malware\u2019s trick was to keep tabs on the phone\u2019s temperature and battery. 
It then suspended mining as needed to avoid overheating or draining the device and attracting the owner\u2019s attention. A more <a target=\"_blank\" href=\"https:\/\/securelist.com\/pocket-cryptofarms\/85137\/\" rel=\"noopener noreferrer\">detailed and technical post on this miner is available on Securelist<\/a>.<\/p><div id=\"attachment_21883\" style=\"width: 508px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/04\/04050045\/google-play-hidden-miners-detect.png\"><img decoding=\"async\" width=\"498\" height=\"1024\" aria-describedby=\"caption-attachment-21883\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2018\/04\/04050045\/google-play-hidden-miners-detect-498x1024.png\" alt=\"\" style=\"max-height:60vh\" class=\"size-large wp-image-21883\"><\/a><p id=\"caption-attachment-21883\" class=\"wp-caption-text\">Here\u2019s what detection of a hidden miner looks like. Technically, it\u2019s <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/not-a-virus\/18015\/\" rel=\"noopener noreferrer nofollow\"><strong>Not-a-virus<\/strong><\/a>, but nasty nevertheless.<\/p><\/div>\n<p>We alerted Google about these apps, and the soccer-related ones have been removed from the Google Play store \u2014 Vilny.net is still available in the store, though. What\u2019s more, there is no guarantee that some other apps with hidden miners won\u2019t sneak in there in the future. So staying safe from them is up to you.<\/p>\n<h3>How to guard against hidden miners on Android<\/h3>\n<ul>\n<li>If your smartphone is behaving oddly, don\u2019t ignore it. If it heats up quickly and loses power for no apparent reason, it might be infected. 
You can find out if an app has suddenly started eating too much battery with a special app such as <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/kaspersky-battery-life\/17849\/\" rel=\"noopener noreferrer nofollow\">Kaspersky Battery Life<\/a>.<\/li>\n<li>When looking for new apps, take the developers of those apps into account. Software from reputable developers is far less likely to contain infections.<\/li>\n<li>Install  on your device. It will help detect all miners, including ones that don\u2019t noticeably overheat or discharge your device. Even a miner designed to back off periodically will eventually wear out your phone \u2014 and a crude one could <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/loapi-trojan\/20510\/\" rel=\"noopener noreferrer nofollow\">toast it<\/a>.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Hidden miners detected in soccer and VPN apps on Google Play \u2014 steer 
clear!<\/p>\n","protected":false},"author":2484,"featured_media":21884,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2683],"tags":[105,109,877,2897,183,352,2756,2639,192,97,45,422,131],"class_list":{"0":"post-21882","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-android","9":"tag-apps","10":"tag-battery-life","11":"tag-cryptojacking","12":"tag-google-play","13":"tag-kaspersky-lab","14":"tag-miners","15":"tag-mining","16":"tag-protection","17":"tag-security-2","18":"tag-smartphones","19":"tag-threats","20":"tag-tips"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/google-play-hidden-miners\/21882\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/google-play-hidden-miners\/12988\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/google-play-hidden-miners\/10850\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/google-play-hidden-miners\/5678\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/google-play-hidden-miners\/15101\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/google-play-hidden-miners\/13384\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/google-play-hidden-miners\/12715\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/google-play-hidden-miners\/15772\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/google-play-hidden-miners\/15258\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/google-play-hidden-miners\/20111\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/google-play-hidden-miners\/4832\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/google-play-hidden-miners\/10203\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/google-play-hidden-miners\/1020
5\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/google-play-hidden-miners\/9119\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/google-play-hidden-miners\/16380\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/google-play-hidden-miners\/20043\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/google-play-hidden-miners\/19986\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/google-play-hidden-miners\/20010\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/miners\/","name":"miners"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/21882","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2484"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=21882"}],"version-history":[{"count":9,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/21882\/revisions"}],"predecessor-version":[{"id":45867,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/21882\/revisions\/45867"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/21884"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=21882"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=21882"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=21882"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}