It was reported yesterday that 19 Android applications on Google Play were found to be cryptojacking: each secretly loaded an instance of the Coinhive script without the user's knowledge. Analysis of the malicious apps revealed that their authors, believed to be the same person or group, hid the Coinhive JavaScript mining code inside HTML files in the apps' /assets folder. Professor Giovanni Vigna, CTO and Co-Founder at Lastline, commented below.
Professor Giovanni Vigna, CTO and Co-Founder at Lastline:
“We are going to see an increase in the exploitation of computing resources for cryptomining. There are a number of platforms that haven’t been tapped yet, and it seems that there is an increase in the sophistication of these attacks. The only reliable way to identify this behavior is through dynamic analysis, as the CPU profiles are very easily discernible. However, often the cryptomining code is obfuscated, delayed, or downloaded dynamically after the application is executed, often circumventing unsophisticated sandboxing environments. Installing well-reviewed applications from trustworthy publishers on well-known markets is the only way to reduce risk. These cryptominers are “loud” as they use an extensive amount of CPU (and battery) and therefore they are easily spotted by users after a short amount of time.”
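As an added illustration of the hiding technique described in the report (Coinhive JavaScript shipped inside HTML under /assets) and of the obfuscation caveat in Professor Vigna's comment, the following Python script is example code written for this page, not code from the original report, from the apps, or from Lastline. It opens an APK as a zip archive, walks the assets folder, and flags HTML or JavaScript assets that reference the public Coinhive loader script or the CoinHive.Anonymous / CoinHive.User constructors; separately it flags signs that a payload is hidden or fetched at runtime (eval, atob, remote script tags, long base64 blobs). The APK it scans is constructed in memory (a plain zip with an assets folder, not one of the 19 apps), the site key is a placeholder, and the regular expressions are this example's own heuristics.

```python
"""Static triage of an APK's /assets folder for embedded Coinhive-style miners.

Example code for this page; not from the original report or from Lastline.
"""
import io
import re
import zipfile

# Direct indicators of the Coinhive browser miner: the public loader script
# URL and the CoinHive.Anonymous / CoinHive.User constructor calls.
MINER_PATTERNS = {
    "coinhive_script": re.compile(r"coin-?hive\.com/lib/coinhive(?:\.min)?\.js", re.I),
    "coinhive_api": re.compile(r"CoinHive\.(?:Anonymous|User)\s*\(", re.I),
}

# Signs that the mining code is obfuscated or loaded dynamically rather than
# shipped in clear (the cases the quoted comment says evade naive sandboxes).
EVASION_PATTERNS = {
    "eval_or_function": re.compile(r"\beval\s*\(|new\s+Function\s*\("),
    "atob_decode": re.compile(r"\batob\s*\("),
    "remote_script": re.compile(r"<script[^>]+src\s*=\s*[\"']https?://", re.I),
    "long_base64_blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}

ASSET_EXT = (".html", ".htm", ".js")


def scan_assets(apk_bytes):
    """Return {asset_path: {"miner": [...], "evasion": [...]}} for suspicious assets.

    An APK is a zip archive, so the assets folder can be read without any
    Android tooling. Only HTML/JS assets are inspected.
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename
            if not name.startswith("assets/") or not name.lower().endswith(ASSET_EXT):
                continue
            text = apk.read(name).decode("utf-8", errors="replace")
            miner = [k for k, p in MINER_PATTERNS.items() if p.search(text)]
            evasion = [k for k, p in EVASION_PATTERNS.items() if p.search(text)]
            if miner or evasion:
                findings[name] = {"miner": miner, "evasion": evasion}
    return findings


def verdict(findings):
    """'miner' on a direct Coinhive indicator, 'suspicious' on evasion signs only, else 'clean'.

    A 'suspicious' asset is exactly the case the static scan cannot settle:
    the payload may be decoded or downloaded only at runtime, which is where
    the dynamic (CPU profile) analysis mentioned in the quote takes over.
    """
    if any(f["miner"] for f in findings.values()):
        return "miner"
    if findings:
        return "suspicious"
    return "clean"


def build_sample_apk():
    """Constructed sample: a zip with an assets folder, standing in for a real APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", "<manifest/>")
        # Benign asset: no indicators at all.
        z.writestr("assets/help.html", "<html><body><h1>Help</h1></body></html>")
        # Miner shipped in clear, as described in the report. Site key is a placeholder.
        z.writestr(
            "assets/index.html",
            '<html><head><script src="https://coinhive.com/lib/coinhive.min.js"></script></head>'
            '<body><script>var miner = new CoinHive.Anonymous("HYPOTHETICAL_SITE_KEY");'
            "miner.start();</script></body></html>",
        )
        # Hidden payload: a base64 blob decoded and eval'd at runtime (constructed).
        z.writestr(
            "assets/loader.html",
            '<html><body><script>var p="' + "QUJD" * 60 + '";eval(atob(p));</script></body></html>',
        )
    return buf.getvalue()


if __name__ == "__main__":
    hits = scan_assets(build_sample_apk())
    for path, hit in hits.items():
        print(path, hit)
    print("verdict:", verdict(hits))
```

On the constructed sample the plain miner in index.html is caught by both direct indicators, while loader.html only trips the evasion heuristics; a real triage pipeline would route such assets to dynamic analysis rather than clear them, since string matching alone cannot see code that is decoded or downloaded after the app starts.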
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.