Font Size: A A A


Malicious miners

More and more cyber criminals are turning their attention to malicious software that is mining cryptocurrencies at the expense of users’ mobile devices. These criminals are getting greedier and now use not only malware, but also risk tools, hiding mining capacities in popular football and VPN applications to profit from hundreds of thousands of victims without their knowledge, according to the cyber security product company Kaspersky Lab.

The hot topic of crypto-currency mining could not be ignored by cyber criminals, as they seek to increase their profits. They are mining on computers, servers, laptops and mobile devices. However, it is not only mining malware that they use. The experts at Kaspersky Lab found evidence showing that criminals are adding mining capacities into legitimate applications and spreading them under the guise of football broadcasting and VPN applications – with Brazil and Ukraine as the main victims.

According to Kaspersky Lab data, the most popular “legitimate miners” are football-related applications. Their main function is to broadcast football videos while discreetly mining crypto currencies. For this, developers used the Coinhive JavaScript miner. When users launch the broadcast, the application opens an HTML file with the JavaScript miner embedded, converting visitors’ CPU power to the Monero cryptocurrency for its author’s benefit. The applications were spread via the Google Play Store and the most popular of them was downloaded around 100,000 times. Nearly all (90 per cent) of these downloads originated from Brazil.

Legitimate applications, responsible for VPN-connections, became the second target for malicious miners. A VPN is a Virtual Private Network, via which users, for instance, can get access to web resources, that would not otherwise be available due to local restrictions. Kaspersky Lab found the miner, which is able to monitor the battery charge and the temperature of the device – to obtain money with less risk for the attacked gadgets. For this, the app downloads an executable from the server and launches it in the background. was downloaded over 50,000 times – mostly by users in Ukraine and Russia.

David Emm, principal security researcher at Kaspersky Lab, pictured, said: “From our findings, we have found that authors of malicious miners are performing more effective crypto-currency mining by expanding their resources and developing their approach. These miners are able to exploit each victim twice – the first time through an ad display, and the second through discreet crypto-mining. They are doing all of this using legitimate thematic applications with mining capacities to satisfy their greed.”


Related News