
Cryptomining malware is being hidden in football and VPN apps

Published on: 6 Apr 2018

Cyber criminals are hiding mining capabilities in popular football and VPN applications to profit from hundreds of thousands of unknowing victims.

Researchers from Kaspersky Lab have found that criminals are adding mining capabilities to legitimate applications and spreading them under the guise of football broadcasting and VPN applications.

These apps broadcast football videos while discreetly mining cryptocurrencies using the Coinhive JavaScript miner.

When users launch the broadcast, the application opens an HTML file with the JavaScript miner embedded. This converts visitors’ CPU power to the Monero cryptocurrency for its author’s benefit.
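An app-vetting check for the bundled-HTML pattern described above, as an added example that is not code from Kaspersky Lab or the original article: it treats an APK as the ZIP archive it is and flags web assets that reference the Coinhive library. It assumes Coinhive's publicly documented script name and constructors; the sample archive and the site key placeholder are constructed.

```python
import io
import re
import zipfile

# Coinhive indicators: the hosted library file name and the JavaScript
# constructors from its public API. Matching is case-insensitive.
COINHIVE_PATTERNS = [
    re.compile(rb"coinhive(\.min)?\.js", re.I),
    re.compile(rb"new\s+CoinHive\.(Anonymous|User|Token)\s*\(", re.I),
]
WEB_SUFFIXES = (".html", ".htm", ".js")
MAX_ASSET_BYTES = 5 * 1024 * 1024  # skip oversized entries (assumed limit)

def scan_apk(apk_bytes):
    """Return {entry name: [matched snippets]} for web assets in an APK."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if not info.filename.lower().endswith(WEB_SUFFIXES):
                continue
            if info.file_size > MAX_ASSET_BYTES:
                continue
            data = apk.read(info)
            hits = [m.group(0).decode("ascii", "replace")
                    for p in COINHIVE_PATTERNS for m in p.finditer(data)]
            if hits:
                findings[info.filename] = hits
    return findings

def build_sample_apk():
    """Constructed sample: a ZIP laid out like an APK, not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", "<manifest/>")
        z.writestr("assets/about.html", "<html><body>Fixtures</body></html>")
        z.writestr("assets/player.html",
                   '<script src="https://coinhive.com/lib/coinhive.min.js">'
                   '</script><script>var m = new CoinHive.Anonymous('
                   '"SITE_KEY_PLACEHOLDER"); m.start();</script>')
    return buf.getvalue()

if __name__ == "__main__":
    for name, hits in scan_apk(build_sample_apk()).items():
        print(name, hits)
```

A string match like this only catches miners shipped unobfuscated inside the package; HTML fetched at run time needs network-side inspection instead.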

The applications have been spread via the Google Play Store, and the most popular example has been downloaded around 100,000 times, with nearly all (90 per cent) of these downloads originating from Brazil.

The VPN-related mining apps download an executable from the server and launch it in the background, monitoring battery charge and the temperature of the device to obtain money more discreetly.

Roman Unuchek, a security researcher at Kaspersky Lab, claimed that authors of malicious miners are expanding their resources and developing their tactics and approach to perform more effective cryptocurrency mining.

“They are now using legitimate thematic applications with mining capacities to feed their greed. As such, they are able to capitalise on each user twice - firstly via an ad display, and secondly via discreet crypto-mining,” he commented.