More and more cyber criminals are turning their attention to mining cryptocurrencies at the expense of users’ mobile devices, according to new research from Kaspersky Lab.
These criminals are reportedly getting greedier and now use not only malware, but also risk tools, hiding mining capacities in popular football and VPN applications to profit from hundreds of thousands of victims without their knowledge.
The hot topic of cryptocurrency mining could not be ignored by cyber criminals, as they seek to increase their profits. They are mining on computers, servers, laptops and mobile devices. However, it is not only mining malware that they use.
According to Kaspersky Lab data, the most popular “legitimate miners” are football-related applications. Their main function is to broadcast football videos while discreetly mining crypto currencies. For this, developers used the Coinhive JavaScript miner.
When users launch the broadcast, the application opens an HTML file with the JavaScript miner embedded, converting visitors’ CPU power to the Monero cryptocurrency for its author’s benefit. The applications were spread via the Google Play Store and the most popular of them was downloaded around 100,000 times. Nearly all (90%) of these downloads originated from Brazil.
Legitimate applications, responsible for VPN-connections, became the second target for malicious miners. Kaspersky Lab found the Vilny.net miner, which is able to monitor the battery charge and the temperature of the device – to obtain money with less risk for the attacked gadgets. For this, the app downloads an executable from the server and launches it in the background. Vilny.net was downloaded over 50,000 times – mostly by users in Ukraine and Russia.
“Our findings show that authors of malicious miners are expanding their resources and developing their tactics and approach to perform more effective cryptocurrency mining,” said Roman Unuchek, security researcher at Kaspersky Lab. “They are now using legitimate thematic applications with mining capacities to feed their greed. As such, they are able to capitalise on each user twice – firstly via an ad display, and secondly via discreet crypto-mining.”
Kaspersky Lab researchers advise users to abide by the following measures in order to protect their devices and private data from possible cyberattacks:
- Disable the ability to install applications from sources other than official app stores
- Keep the OS version of your device up to date in order to reduce vulnerabilities in the software and lower the risk of attack
- Only choose applications from trusted and reliable vendors – especially those which are geared towards safeguarding your privacy when online (e.g., VPN)
- Install a proven security solution to protect your device from cyberattack
