Sophoslabs has published a report in which the company claims to have identified at least 25 Android apps published on the official Google Play store that contain script facilitating the ‘cryptojacking’ of users’ computing resources.
25 Apps Containing Mining Malware Identified on Google Play Store
Sophoslabs claims to have discovered 25 applications on the official Google Play store that contain cryptojacking code within them.
A report published by the company asserts that the apps in question have “been downloaded and installed more than 120,000 times.”
The apps accused on containing cryptojacking code are LHDS Vendors – which is published by Taste of Life Group, Mobeleader from Abser Technologies S.L., Palkar by Palpostr.com, Dizi Fragmanları İzle from Oguzhan Kivrak, Helper for Knight Game from Evgeny Solovyov, Game Viet 2048 from Thanhtu Media, Trance Droid by Happy Appys, A Paintbox For Kids by Uwe Post, Afterlife: RPG Clicker CCG by Levius LLC, Dominoes Games from Fun Board Games, Info Guru Pendidikan by Cakrawala Pengetahuan, Lighton by Buyguard, Tapbugs and Dreamspell – both published by Riccotz, and 11 apps published by Gadgetium – all of which comprised “preparation apps for standardized tests given in the [United States].”
88% of Cryptojacking Apps Contain Coinhive Implementation
22 of the 25 apps identified by Sophoslabs were found to contain an implementation of Abser Technologies’s code.
Mobeleader and Lighton were found to hosting mining scripts on their own servers – “presumably to thwart firewalls or parental controls/reputation services that might block Coinhive’s domain by default.”
A Paintbox for Kids was found to be running Xmrig – “an open source CPU miner that can mine several cryptocurrencies in addition to XMR.”
The discovery of the applications comes in spite of the Google Play Store’s July ban on “apps that mine cryptocurrency on devices.”
The ban followed several other undertaking perceived to comprise a crackdown on cryptocurrency across Google’s platforms – including the prohibiting of cryptocurrency mining extensions from the Chrome Web Store in April, and the banning of advertising content relating to “cryptocurrencies and related content” from Google’s platforms in March.