Legit Google Play apps found to be covertly mining digital currency

Google Play Malware Android Apps

In addition to Android apps sideloaded from unsecure third parties, which can contain malicious code that can turn devices into slow cryptocurrency miners, antivirus provider Trend Micro has discovered two legitimate Google Play apps that have between them over one million downloads. The firm also found that the apps can turn Android smartphones and tablets into digital currency miners without the users knowing what’s happening.

Mining for digital currency – including Bitcoin, Litecoin, Dogecoin and many others – requires lots of computing power and energy consumption. Furthermore, doing so on mobile devices that aren’t as powerful as traditional computers, or rigs especially built for crytpocurrency mining purposes, may put additional strain on them, leading to increased energy consumption and heat generation. Thus, overall performance of the handset or tablet is affected, and battery life shortened.

The Google Play Store apps that have secret mining code include Songs (installed from one million to five million times,) and Prized (installed from 10,000 to 50,000 times). Unlike malware apps available from third parties that mine for coins at all times, these two apps have been customized to only mine when the phone is charging, thus potentially eliminating any suspicions from users, at least at first. However, as time goes by, users may notice excessive heat, slower charging times and decreased performance.

The two apps are still available from the Google Play Store, and each one has a rating of 4.0 out of 5 stars from multiple reviews. Both apps are available as free downloads for devices running Android 2.2 or later, but they were not created by the same developer. Currently, they appear to be set to mine Litecoin, according to Trend Micro. It’s not known whether there are more apps in the Google Play Store that pack similar mining code.

Google has significantly improved Android security in recent years, preventing apps from running malicious code, so it’s probably only a matter of time until covert cryptocurrency mining apps will also get the boot from the official Android app store.

blog comments powered by Disqus