Google clearly stated in the Google Play Store developer rules updated on July 27 this year that it is forbidden to upload any cryptocurrency mining application to Google Play. However, the latest survey results still indicate that some developers have found the way to upload to the app store page using hiding the true purpose in apps.
In these years, due to the significant increase in cryptocurrency prices, malicious encryption mining activities have shown a rising trend on a global scale. The mobile device users have also been attacked seriously, especially the users of mainstream mobile operating systems.
Recently, at least 35 cryptocurrency mining applications were found on Google Play. It is estimated that more than 120,000 users may have downloaded and installed them. These applications are disguised as games, utilities, and educational applications by their developers, but in fact, they all embed Coinhive cryptocurrency mining code.
Researchers say that with just a few lines of code, hackers can add mining capabilities to any application that uses the WebView embedded browser.
For all of these applications, their developers have chosen Monroe because it provides enough privacy to hide the originator and recipient of the money transaction, as well as the transaction amount. These applications all use the CPU to mine and limit CPU usage to avoid common drawbacks such as device overheating, high power consumption, and overall slow operation of the device.
Of the 25 applications, 11 are disguised as educational applications related to US exams (ACT, GRE, and SAT) and are published by the same developer account, Gadgetium. According to the researchers, these applications include an HTML page that contains a Coinhive miner.
In addition, one of the applications (de.uwepost.apaintboxforkids) uses the popular open source, CPU miner XMRig, which is designed to mine a variety of cryptocurrencies, including Monroe.
Although some of them have been deleted, there are several apps that can still be downloaded on Google Play.
A complete list of 25 mining applications (APP package names) is shown below: