Kaspersky Lab has revealed that cyber criminals have moved into manipulating perfectly legal applications, in which they implant their malicious codes to stealthily hijack your device resources to mine them cryptocurrencies.
Kaspersky cites football-related and VPN apps as the major hosts of these monero-mining scripts. The cybersecurity firms has found evidence that cyber criminals are infecting legitimate apps and spreading them around the internet guised as football broadcasting apps or VPN apps. The major destination countries for such apps are Brazil and Ukraine.
Football apps are by far more infected by the stealthy malicious codes than VPNs. As the users use these apps to broadcast football videos, their devices are being discreetly used to mine cryptos for the criminals.
The criminal developers are mainly using Coinhive JavaScript to mine. When the user launches the infected app to broadcast football matches, an HTML files with the embedded JavaScript miner gets activated and converts the host device’s CPU power into Monero mining machine.
Most of these apps are being spread via Google Play Store, with the most popular of the infected application having been downloaded about 100,000 times. About all of these downloads (90%) are originating in Brazil.
VPN apps are second in line with regards to the most infected applications by cybercriminals executing cryptojacking. Kaspersky also identified the app Vinly.net miner that is used to monitor the battery charge and temperature of a device having been infected and used to stealthily obtain money for criminals.
Apparently Vinly.net downloads executable files from server and launches them in the background. Kaspersky Lab reports the app was downloaded over 50,000 times mainly in Russia and Ukraine.
“Our findings show that authors of malicious miners are now using legitimate thematic applications with mining capacities to feed their greed,” said Roman Uncheck, a security researcher at Kaspersky Lab.
“As such, they are able to capitalize on each user twice-firstly via an ad display, and secondly via discreet crypto-mining.”
