New Android Malware Poses as Google Play Update App to Mine Monero Cryptocurrency
A new Android malware has emerged, disguising itself as a legitimate Google Play update app while stealthily mining the Monero cryptocurrency. This malicious software has been targeting users in India and China, where third-party app stores are more commonly used.
Operational Tactics
Known as HiddenMiner, this malware has proven to be a highly successful threat, with operators managing to withdraw over $5,000 worth of Monero from a single wallet. Its name is fitting, as HiddenMiner employs various obfuscation techniques to avoid detection and automated analysis. These tactics include anti-emulator capabilities and methods to conceal its presence on the victim’s device, such as using a transparent icon and hiding the app from the launcher.
Execution and Impact
When a user downloads HiddenMiner, they are prompted to grant it device administrator privileges. Once activated, the malware will continuously mine Monero in the background, utilizing the device’s resources until they are exhausted. This can lead to rapid battery drain and potential overheating issues, as HiddenMiner lacks any controls to limit its mining activities.
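The traits described above (device administrator rights, no launcher entry, installation from outside the official store) can be cross-checked from a device's package inventory. The following is an added example, not code from Trend Micro or the original article; the sample text is constructed, and its layout is assumed to resemble the output of `pm list packages -3 -i`, `dumpsys device_policy` and `cmd package query-activities --brief`.

```python
import re

# Constructed sample text (not captured from a real device). Layouts are
# assumed to resemble `pm list packages -3 -i`, `dumpsys device_policy`, and
# `cmd package query-activities --brief` for MAIN/LAUNCHER intents.
PM_LIST = """\
package:com.example.notes  installer=com.android.vending
package:com.example.playupdate  installer=null
package:com.example.sideloadedgame  installer=null
"""
DEVICE_POLICY = """\
Enabled Device Admins (User 0, provisioningState: 0):
  com.example.notes/.AdminReceiver:
    uid=10101
  com.example.playupdate/.Receiver:
    uid=10155
"""
LAUNCHER = """\
priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
  com.example.notes/.MainActivity
  com.example.sideloadedgame/.Start
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only
COMPONENT = re.compile(r"^[ \t]*([A-Za-z0-9_.]+)/[A-Za-z0-9_.$]+:?[ \t]*$", re.M)

def installers(text):
    """Map package name -> installer recorded by the package manager."""
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)", text, re.M))

def packages_in(text):
    """Package names of every 'pkg/class' component line in the text."""
    return set(COMPONENT.findall(text))

def triage(pm_list, device_policy, launcher):
    """Return (package, signals) for apps showing two or more signals."""
    admins, visible = packages_in(device_policy), packages_in(launcher)
    findings = []
    for pkg, source in sorted(installers(pm_list).items()):
        checks = [("device-admin", pkg in admins),
                  ("no-launcher-entry", pkg not in visible),
                  ("untrusted-installer", source not in TRUSTED_INSTALLERS)]
        signals = [name for name, hit in checks if hit]
        if len(signals) >= 2:  # one signal alone is common in benign apps
            findings.append((pkg, signals))
    return findings
```

A flagged package is a lead for manual review, not a verdict: legitimate management agents can also hold device administrator rights without showing a launcher icon.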
Cryptocurrency Mining Trend
HiddenMiner is just one of many malware strains capitalizing on Monero mining, which is popular because it requires fewer resources than mining other digital currencies. This trend highlights the importance of cybersecurity hygiene for both individuals and businesses.
According to Trend Micro researchers, users should only download apps from official marketplaces, regularly update their device’s operating system, and carefully consider the permissions granted to applications. By following these best practices, individuals can reduce their risk of falling victim to cryptocurrency mining malware like HiddenMiner.