• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 19th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Android

Fake Android apps caught dropping Coinhive miner

January 7th, 2018 Waqas Android, Malware, Security 0 comments
Fake Android apps caught dropping Coinhive miner
Share on FacebookShare on Twitter

In October last year, three Android apps on Play Store were found infected with Coinhive cryptocurrency miner to generate Monero digital coins. Now, an IT security researcher Elliot Alderson found fake Android apps that are infected with Coinhive cryptocurrency miner specially developed to use the CPU power of a targeted device.

Fake app real miner

According to Elliot, whose real name is Robert Baptiste, these apps are available on a third-party website that claims to provide free APKs (Android application package) to users but in reality, these APKs are infected with Coinhive miner from the beginning.

“I don’t think these apps are the original apps. The “hacker” modified it and repacked it and after that, he uses multiple dropper apps to distribute these modified apps. Only the package name and the app name has been changed and I just dig up more and in fact, this is the same app 291 times which means there are 291 applications with different icons and names, Baptiste told HackRead.

Upon scanning, some of the APK files available on the site, VirusTotal showed that these files were infected with the Coinhive miner. Remember, secret use of any cryptocurrency miner is considered as using malware against users. To prove the point, last year, CloudFlare booted off one of their customers for secretly using Coinhive miner and not letting site visitors to opt-out or disable the code.

300 fake Android App found infected with Coinhive miner

VirusTotal scan result

Found hundreds of infected #android apps with a #Coinhive miner: https://t.co/F8vSSQWSyg

Coinhive miner code: https://t.co/eIVlFoDZP1 …

Dropper app: https://t.co/kVEHPgmt8W …

VT score: 2/61

cc @JAMESWT_MHT @malwrhunterteam @bad_packets @virqdroid @LukasStefanko pic.twitter.com/mxh6abuzfO

— Elliot Alderson (@fs0c131y) January 6, 2018

A look at the scam website (androidapk.world), that is hosting these malicious apps, shows it has been fully indexed in Google search engine without raising any suspicion. Also, the site claims to provide APKs for top apps including Super Mario Run, Netflix, Mobile Strike, Clash of Clans and others.

300 fake Android App found infected with Coinhive miner

Screenshot via Elliot Alderson

Moreover, the site was registered in March last year and since then the download counter shows some APK files have been downloaded millions of times. However, it is unclear if the download counter displays real-time figures or cybercriminals behind the scam are manually displaying the numbers to pose as an active and trustworthy APK download site.

Android users be vigilant

Until now, the biggest victims of cryptocurrency miners were website owners and unsuspecting visitors. Now, Android users are also at risk. In the past, cybercriminals preferred malware attacks but since the price of Bitcoin has suddenly surged there has been an increase in attacks involving cryptocurrency miners.

Android users should be aware of the situation and;

Avoid downloading unnecessary apps from Play Store as well as third-party sites.
 Keep your devices updated
 Make sure to scan it with a reputed anti-malware software
 Keep an eye on your phone's CPU usage

Users on PCs

Those on computers should also be aware of the situation and use Whoismining to see if a site they are about to visit is secretly mining cryptocurrency or not. Furthermore, there are two Chrome extensions No Coin and minerBlock developed to block any crypto miners from using your computing power.

About Elliot Alderson

Elliot Alderson is the same security researcher who in November last year found two pre-installed backdoor apps in OnePlus 5, 3 or its 3T model that would allow attackers to spy and steal personal data from users.

  • Tags
  • Android
  • CoinHive
  • Cryptocurrency
  • Google
  • hacking
  • internet
  • Malware
  • PlayStore
  • Privacy
  • Scam
  • security
Facebook Twitter LinkedIn Pinterest
Previous article BlackBerry Mobile Website hacked to mine Monero via Coinhive
Next article Hundreds of Android Gaming Apps are Tracking Your TV Viewing Habits
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
X-rated social media app Fleek exposed explicit photos of users

X-rated social media app Fleek exposed explicit photos of users

Top Tips to Upscale Your Netflix Security Instantly

Top Tips to Upscale Your Netflix Security Instantly

'Child's Play' - Kids breach and bypass Linux Mint screensaver lock

'Child's Play' - Kids breach and bypass Linux Mint screensaver lock

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Hackers compromised IObit forum to spread DeroHE ransomware
Hacking News

Hackers compromised IObit forum to spread DeroHE ransomware

47
X-rated social media app Fleek exposed explicit photos of users
Leaks

X-rated social media app Fleek exposed explicit photos of users

64
Top learning management system (LMS) software for small businesses
Technology News

Top learning management system (LMS) software for small businesses

584

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us