Russian Developer Snuck Cryptocurrency Mining into Android Apps

  /     /     /  
Publicated : 22/11/2024   Category : security


Russian Developer Snuck Cryptocurrency Mining into Android Apps


Apps found in Google Play turned mobile devices into cryptocurrency miners unbeknownst to their users, according to researchers from security firm Ixia.



A Russian developer installed cryptocurrency mining code in his popular crossword game app 
Puzzle
 as well as his in-game awards and bonuses app Reward Digger, without notifying users they would be mining cryptocurrency coins on his behalf, according to researchers.
Although its not illegal for developers to put cryptocurrency-mining capabilities into their own apps, the issue becomes an ethical one if users are not aware their mobile devices are being used to mine cryptocurrency, says Steve McGregory, who leads the Application & Threat Intelligence (ATI) team at Ixia that recently studied the rigged apps.
Oxothuk, the user name of the independent developer who created the two apps, included crypto-mining features in the apps without adequately informing users, McGregory told Dark Reading. Cryptocurrency mining consumes CPU power, electricity, and data usage as information is passed during the mining process, he notes, which can degrade device performance.
ATI discovered
 Oxothuks apps on Nov. 2 when it noticed their cryptocurrency mining capabilities. We found he was not disclosing what the apps were doing and that is deceptive to users, MGregory says. Puzzle alone has had 5 million to 10 million downloads.
One of the unique aspects of the apps is the creator shared his user name Oxothuk for the mining pools, rather than only list his wallet address to authenticate the miners, McGregory notes. He felt he was doing nothing wrong at all, whereas others who know they are being deceptive will not want to be found and will try to obfuscate their identity, says McGregory.
Indeed. Oxothuk, in an interview with Dark Reading, contends that he informed his users of his mining intent in the apps terms and conditions. He says some hackers instead hide their cryptocurrency mining intent from users and chew up their CPU power without their permission.
Regardless, Reward Digger was taken offline by Google after ATI reported the app, and Puzzle was updated on Nov. 8. But McGregory notes that the Puzzle app continues to trick users into letting them earn in-game coins while Oxothuk earns real crypto-currency coins.
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity
agenda here
.
Related Content
:
Cybercriminals Employ Driveby Cryptocurrency Mining
How to Make a Ransomware Payment - Fast
5 Reasons Why the CISO is a Cryptocurrency Skeptic
 

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Russian Developer Snuck Cryptocurrency Mining into Android Apps