
Monero-mining Android malware will exhaust your phone in its quest for cash.

 


 

A new strain of Android malware will continuously use an infected device's CPU to mine the Monero cryptocurrency until the device is exhausted or even breaks down.

 

Security company Trend Micro has named the malware HiddenMiner because of the techniques it uses to protect itself from discovery and removal.

 

Like most cryptocurrency-mining software, HiddenMiner uses the device's CPU power to mine Monero.

But Trend Micro said that because there is no switch, controller, or optimizer in HiddenMiner's code it will continuously mine Monero until the device's resources are exhausted.

 

"Given HiddenMiner's nature, it could cause the affected device to overheat and potentially fail," the company said.

 

If the researchers' concerns are correct, this is not the first cryptocurrency-mining malware to put your smartphone at risk: last year the Loapi Android malware worked a phone so hard that its battery swelled up and burst open the device's back cover, wrecking the handset within 48 hours.

 

Trend Micro said the two pieces of malware share similarities, noting that Loapi's technique of locking the screen after revoking device administration permissions is analogous to HiddenMiner's.

 

Researchers at the company identified the Monero mining pools and wallets connected to the malware, and spotted that one of its operators withdrew 26 XMR -- around $5,360 -- from one of the wallets.

This, they said, indicates a "rather active" campaign of using infected devices to mine cryptocurrency.

 

HiddenMiner poses as a legitimate Google Play update app, and forces users to activate it as a device administrator.

It will persistently pop up until victims click the Activate button; once granted permission, HiddenMiner will start mining Monero in the background.

 

It also attempts to hide itself on infected devices, for example by emptying the app label and using a transparent icon after installation.

Once activated as device administrator, it will hide the app from the app launcher.

The malware will hide itself and automatically run with device administrator permission until the next device boot.

HiddenMiner also has anti-emulator capabilities to bypass detection and automated analysis.

 

It's also hard to get rid of: users can't uninstall an active system admin package until device administrator privileges are removed first.

But HiddenMiner locks the device's screen when a user wants to deactivate its device administrator privileges, taking advantage of a bug found in Android operating systems before Android 7.0 Nougat.

 

Trend Micro said that HiddenMiner is found in third-party app marketplaces and is affecting users in India and China, but it won't be a surprise if it spreads beyond these countries.

 

The emergence of this malware should reinforce the need for mobile security hygiene, said Trend Micro: download only from official app marketplaces; regularly update the device's OS, and be careful about the permissions you grant to applications.

 

 

Source:

Android security: This malware will mine cryptocurrency until your smartphone fails | ZDNet


  • FPCH Admin
Posted
Be careful where you get your apps from.

Even if you get them from Google in the Android app store you'll still be vulnerable.

 

Apps are not checked when submitted so anything can be in them. Say what you want about Apple, but not just anyone can submit an app. They make it tough for devs to get their apps listed in the App Store, but you get good quality, clean from viruses. Not saying it's 100% perfect. You're just less likely to get anything malicious.
