Malicious Apps: Mining Your Own Business

Share if the site was helpful

Malicious Apps: Mining Your Own Business

Whether you know it or not, you may be an investor in bitcoin.  Ok, that’s not entirely true.  But your phone may have helped someone else mine it without your consent.

Researchers at Kaspersky Lab, a cybersecurity company, have recently found multiple “mining” apps on the Google Play Store that are disguised otherwise.  Apps hiding under the mask of games or streaming apps have secretly been using smartphone processors to mine cryptocurrency without the user’s knowledge.

Mining in Smartphones

Thanks to its recent news hype, most people are familiar with the concept of cryptocurrencies such as Bitcoin and how it’s mined.   There’s no physical digging, but instead users are rewarded the currency in return for processing transactions and updating the blockchain ledger.  And since processing transactions takes hardware and electricity, the more technology you have at your disposal, the more currency you can earn.  This has resulted in giants entering the business and consolidating massive amounts of hardware in warehouses.

Smartphone processors are not as powerful as their desktop counterparts, but when one app is able to tap into thousands of them, the results are still significant.   Kaspersky Labs has found multiple apps with this affliction, some of which have been downloaded more than 100,000 times.  Some of these apps are even programmed to keep tabs on how much processing power their using so as to easily fly under the radar of the average user.

Google’s response

Google has since removed the known abusers of this tactic, but it’s hard to say how many apps are in public hands right now doing the same thing.  It also seems that the betrayal of trust isn’t the only underlying issue here.  Recently Google announced that it would remove any and all mining extension in the Chrome Web Store, regardless of if users were aware of what they were doing or it the extensions were legitimate.  The question remains whether this policy will expand into the Google Play Store, but I think it’s safe to assume it’s only a matter of time before it does.

And until then the question becomes how to avoid these kinds of apps.  Right now from a development standpoint there are no permissions that must be accounted for in relation to mining, so there doesn’t seem to be much security that can block these kinds of apps (other than mindful downloading).

What are your thoughts on your phone being used as a mining tool without your consent or knowledge?  Do you have any thoughts on how to prevent this?  Let us know in the comments below!