Fake Android Apps Caught Mining Cryptocurrency Again

Hackers Implement Cryptocurrency Mining Code on Popular Websites

Back in October 2017, there were three apps were discovered to be infected with a cryptocurrency miner. Given that the cryptocurrency industry managed to gain popularity and exposure in 2017, this news became common. And it seems the trend is going to continue into the new year too.

IT security researcher, Elliot Alderson discovered fake apps that were on the Android market which were capable of targeting a devices CPU power. The fake Android-based apps had the Coinhive infection on them which made them miners of cryptocurrency. The security researcher, whose real name is Robert Baptiste, said that the fake apps were available on a third-party site. The website falsely claims that it provides free APKs, Android application packages. However, these APKs will be filled with Coinhive miner infection from the start.

Speaking to reporters, Baptiste said that he did not think the apps were original in any way. The cyber attackers took the fake apps, modified them, and now uses multiple dropper apps to be able to distribute the modified apps, he believes. The hackers will change the app name and the package name, and based on his digging and research, Baptiste now believes that there are close to 291 applications all with different icons and names.

Some of the APK files which were available on the website were scanned for viruses using VirusTotal. The scans showed that the files were infected with the Coinhive miner. Any secret use of cryptocurrency miners on users is considered to be nothing but malware used on victims. Last year, CloudFlare was forced into removing one of the users from the site after secretly using the Coinhive miner software, and not giving users the chance to opt out or disable the code.

The scam website which provided the apps, (androidapk.world), shows that it had fully put on the Google search engine without any suspicions being raised. The site also goes a step further in claiming that they provide APKs for popular apps such as Super Mario Run, Netflix, Mobile Strike, Clash of Clans, amongst others. The site was reportedly registered last year in March, and the download counter shows that it has had millions of APK file downloads since then. However, at time of going to print it was unclear whether the hackers were just trying to trick and scam people into thinking that their numbers were real.

Android users were urged to continue being vigilant when it came to their phones. Users should download their apps from trusted stores, and avoid third party sources. Users are also encouraged to scan their phones with reputable anti-virus firms such as Kaspersky and McAfee. The devices and operating should be updated at all times.