Researchers find hidden miners on Google Play

Posted on Apr 13 2018 - 10:38am by Upgrade Staff

Kaspersky Lab’s researchers discovered that more and more cyber criminals are turning their attention to malicious software that mines cryptocurrencies at the expense of users’ mobile devices. These criminals are getting greedier and now use not only malware, but also risk tools, hiding mining capacities in popular football and VPN applications to profit from hundreds of thousands of victims without their knowledge.


When a computer show signs of slowing down, many tend to blame viruses. But in the case of smartphones — sluggishness, overheating, or short battery life are usually put down to age. Time to buy a new one, people say. In fact there is a chance that the problem may lie elsewhere — hidden mining, to be precise.

When it comes to mining, computing power matters. Of course, in terms of performance, mobile devices cannot hope to compete with desktop computers armed with the latest graphics cards. But in the eyes of cybercriminals, the sheer number of devices makes up for their lack of power. For those accustomed to feeding off other people’s processing power, the millions of devices out there present an opportunity too juicy to ignore.

It’s actually alarmingly simple to infect a smartphone or tablet with a hidden miner. There’s no need for the device owner to knowingly install a miner or download an app from a dubious source. Hidden miners can be picked up by downloading and running seemingly innocuous apps available on the official Google Play store.

Miners on Google Play

Typical miners pretending to be handy tools or games don’t perform as described — instead, they show ads and covertly mine for cryptocurrency. But Google Play and other official stores keep out such fakes or, if they do manage to sneak in, quickly find and remove them. Therefore, malicious apps of this sort are distributed mainly through forums and nonofficial stores. The problem for cybercriminals is that too few people download anything from such resources.

But they found a way around that particular problem: If an app actually does what is promised in its description, and the malware is neatly disguised, it may slip through. That’s already happened — an attempt to create a smartphone-based botnet bypassed the safeguards on Google Play and a number of other app stores. Kaspersky Lab experts recently found several other specimens as well, this time with built-in miners.

The most popular apps we found of this type were soccer-related: a family of apps with names including PlacarTV (placar means score in Portuguese), one of which had been downloaded more than 100,000 times. It contained the Coinhive miner, which mined Monero coins while users streamed games. It’s a clever ruse, and not that easy to spot: Your mind is on the match, and watching videos heats up the phone and drains the battery anyway, just like the miner does, so you’ll have no reason to be suspicious.

Our experts also found a miner in a free VPN app called This malware’s trick was to keep tabs on the phone’s temperature and battery. It then suspended mining as needed to avoid overheating or draining the device and attracting the owner’s attention. A more detailed and technical post on this miner is available on Securelist.

Kaspersky Lab has alerted Google about these apps, and the soccer-related ones have been removed from the Google Play store — is still available in the store, though. What’s more, there is no guarantee that some other apps with hidden miners won’t sneak in there in the future. So staying safe from them is up to users.

“Our findings show that authors of malicious miners are expanding their resources and developing their tactics and approach to perform more effective crypto-currency mining. They are now using legitimate thematic applications with mining capacities to feed their greed. As such, they are able to capitalize on each user twice – firstly via an ad display, and secondly via discreet crypto-mining,” said Roman Unuchek, security researcher at Kaspersky Lab.

How to guard against hidden miners on Android

  • If your smartphone is behaving oddly, don’t ignore it. If it heats up quickly and loses power for no apparent reason, it might be infected. You can find out if an app has suddenly started eating too much battery with a special app such as Kaspersky Battery Life (available from Google Play for free).
  • When looking for new apps, take the developers of those apps into account. Software from reputable developers is far less likely to contain infections.
  • Disable the ability to install applications from sources other than official app stores
  • Keep the OS version of your device up to date in order to reduce vulnerabilities in the software and lower the risk of attack
  • Only choose applications from trusted and reliable vendors – especially those which are geared towards safeguarding your privacy when online (e.g., VPN)
  • Install a proven security solution to protect your device from cyberattack. It will help detect all miners, including ones that don’t noticeably overheat or discharge your device. Even a miner designed to back off periodically will eventually wear out your phone — and a crude one could toast it.

Related Posts

Cyber criminals continue to use new tactics in car... Cyber criminals continue to use new tactics in carrying out attacks. This is according to the 2017 Symantec’s Internet Security Threat Report (ISTR), ...
P1M up for grabs in Kaspersky’s online conte... Think you can outwit the brightest minds in the world and win various prizes including P1 million? Kaspersky Lab is inviting Filipino Internet user...
Kaspersky Lab helps disrupt Lazarus Group cyber-at... Together with Novetta and other partners, Kaspersky Lab announced its contribution to Operation Blockbuster, which aimed to disrupt the activity of th...
Kaspersky Lab detects over 2M mobile malware in Q1... Cybercriminals continue to improve new techniques to deceive users and their malware targets not just big organizations but also personal consumers. K...
INFOGRAPHIC | Why cybercriminals need your smartph... Mobile malware is the hottest topic among cybercriminals and the number of malicious mobile apps is rapidly growing. The reason for that is obvious...
Kaspersky Lab eyes to close gender gap in cybersec... In recent years, more and more women have climbed the corporate ladder to occupy important positions in the business world serving as role models for ...
Key security incidents that shaped threat landscap... Some of the revelations of the past year raised questions about the way the Internet is used nowadays and the type of risks faced by users, according ...
7 Things you need to STOP doing online By Sarah Pike of Kaspersky Lab In the beginning, the Internet was not terrifically user-friendly — early users needed tech chops just to get online, ...
Half of businesses find it hard to identify seriou... Prevention is still the main pillar of corporate cybersecurity, said the report ‘New Threats, New Mindset: Being Risk Ready in a World of Complex Atta...
D-Link partners with Nanotec Corp. to expand its d... Taiwan-based D-Link International announced its partnership with Nanotec Corporation, an ICT and security products distributor, to expand its distribu...
About the Author

Leave A Response