Thursday, March 27, 2014

Millions of Android app downloads infected with cryptocoin-mining code

More than a million Android smartphones are mining cryptocoins without the owners' knowledge, via apps downloaded from Google Play which stealthily incorporate 'hashing' software.
Researchers at security company Trend Micro say they have found at least two apps on the Google Play store, Songs and "Prized", which contain code to join any phone that has them to a cryptocoin-mining "pool". Each app has had between 1m and 5m downloads, meaning that up to 10m phones might be affected. Songs was still available at the time of publication. An email to the developer had not been answered by time of publication.
The subverted apps seem to include a request to run the mining software within their terms and conditions - meaning that once the user clicks "OK" they have in effect given it permission to steal their processing time. Trend Micro criticised "the murky language and vague terminology" of the terms and conditions.
The company also discovered bitcoin-mining code hidden in repackaged versions of Football Manager Handheld and TuneIn Radio outside Google Play. There is no suggestion that the ones on the official store are affected.

No comments:

Post a Comment