Cryptojacking Apps Discovered on Google Play

Sophos Labs recently discovered 25 apps which ran the java scripts to mine Monero (XMR) cryptocurrency. These apps that ran these java scripts were mostly educational apps, games, and other utility apps and had been downloaded up to 120,000 times as reported by Sophos Labs. List of a few such apps: 

These apps mined had an embedded code from coinhive, which would work under the hood and use CPU to solve the cryptographic code required to mine.  However, this code from Coinhive is specifically tailored to crunch numbers using CPU and not GPUs. Hence these apps target the phone’s CPU.

Another reason to mine Monero via crypto jacking is that it offers enough privacy to keep the source, destination, and the amount mined hidden. Unlike Laopi, a mobile mining malware, this code uses CPU throttling to avoid the mistakes like overheating, device slows down, rapid battery drain etc.

11 of these apps were educational apps for standardization tests given in the US, like GRE or SATs. However, the remaining accused apps include:

• Trance Droid by Happy Appys
• HDS Vendors – published by Taste of Life Group
• Dominoes Games from Fun Board Games
• Mobeleader from Abser Technologies S.L.
• Palkar by Palpostr.com
• Dizi Fragmanları İzle from Oguzhan Kivrak
• Helper for Knight Game from Evgeny Solovyov
• Game Viet 2048 from Thanhtu Media
• A Paintbox For Kids by Uwe Post
• Afterlife: RPG Clicker CCG by Levius LLC
• Info Guru Pendidikan by Cakrawala Pengetahuan
• Lighton by Buyguard
• Tapbugs and Dreamspell – both published by Riccotz

Only some of the apps have been taken down, However, most of these apps still remain available on the Google Play Store. And this has been happening long before Google’s Ad ban on cryptocurrencies and is happening even after the recent announcement of the partial uplifting of the same ban.

To prevent yourself, Sophos Lab posts the app package details as shown below. Moreover, steps to check package name a specific app:

1. Go to Google Play on a PC.
2. Search for the App you want to verify, and click on the app.
3. Now check the URL, and you will notice something like this https://play.google.com/store/apps/details?id=com.magoosh.psat.lessons
4. The text after ’id=’ is the package name.

Some relevant articles you can refer:

1. Google Bans Cryptocurrency Mining Apps from Play Store
2. Google Plays Store Still has Apps with Crypto Mining Options

Have you come across any of these types of apps? Stay alert!

Follow us on Social Media – Twitter, Telegram, Linkedin, Instagram, Facebook!