Trend Micro has recently published a report that two apps in Google’s Play Store were found to feature malware codes that allows it to mine crytpocurrency on Android devices without users’ knowledge.
The two apps mentioned were Songs by Da Xpert and Prized – Real Rewards & Prizes by Prized. According to Trend Micro, the apps feature the malware ANDROIDOS_KAGECOIN.HBTB that mines for various digital currencies like Bitcoin, Litecoin, and Dogecoin when installed on an Android device. It even has a specific instruction to only mine when the device is charging. Mined coins will then be transferred to the malware maker’s account then cashes them in.
Since mining for crytpocurrencies require a big deal of CPU and GPU resource, bandwidth, and power, it would cause devices to suddenly become hot, charge slowly, or quickly run out of battery.
Clever as the attack is, whoever carried it out may not have thought things through. Phones do not have sufficient performance to serve as effective miners. Users will also quickly notice the odd behavior of the miners – slow charging and excessively hot phones will all be seen, making the miner’s presence not particularly stealthy. Yes, they can gain money this way, but at a glacial pace.
Users with phones and tablets that are suddenly charging slowly, running hot, or quickly running out of batteries may want to consider if they have been exposed to this or similar threats. Also, just because an app has been downloaded from an app store – even Google Play – does not mean it is safe.
Trend Micro has already informed the Google Play security team about the issue. At the time of writing, the apps mentioned above are still available in the Play Store. Prized currently has at least 50,000 installs while Songs has been installed for at least 5,000,000 times.
Is the malware detected by mobile antivirus such as avast?
Unfortunately, no. The advanced heuristic malware detection method found in desktop versions of antivirus software cannot be implemented in the mobile versions thanks to the still-limited power and capability of today’s ARM processors.
Just to let you know, antivirus software used in computers require processing power for the malware detection algorithms to work properly. It takes a lot of guessing and judgmental work for an antivirus software to tell whether the file it’s scanning is malicious or not.
It’s really complicated and way too technical to be discussed in layman’s terms.
I suggest you should do further reading if you’re interested on how antivirus products work.
i think apps are already deleted from the store.
good job Trend Micro
lesson, don’t just install any apps unless needed. halatang useless lang itong mga apps na ito.
Thanks for updating us of this culprit.
siguro ito ang problem sa android. basta upload na lng ng upload ng mga apps sa play store na hindi nila meticulously checking the apps that was being uploaded to their store. Thats why there are almost a hundred thousand of apps on play store. But are all of them being checked by google play store? If it wasnt for a 3rd party these wouldnt had been detected. Was there any news about malware apps being uploaded to the iTunes store?