Kaspersky Lab: Malicious Software for Cryptocurrency Mining

Kaspersky Lab researchers have discovered that more and more digital criminals are turning their attention to malicious cryptocurrency mining software that runs at the expense of handheld mobile devices.

These criminals are becoming even greedier, using not only malicious software but also dangerous tools, and hiding mining functions in popular football and VPN applications to take advantage of hundreds of thousands of unsuspecting victims.

Digital criminals cannot ignore the hot topic of mining as they continuously seek to increase their profits. For this reason, they mine on computers, servers, laptops and portable devices. However, mining malware is not all they use. Kaspersky Lab experts have found evidence that criminals add mining capabilities to legitimate applications, spreading them under the guise of football broadcast and VPN applications, with users in Brazil and Ukraine being the primary victims.

According to Kaspersky Lab data, the most popular “legitimate miners” are football-related applications. Their main function is to broadcast football video while discreetly mining cryptocurrency. To this end, the developers used the Coinhive JavaScript miner. When users start viewing, the application opens an HTML file with embedded JavaScript, converting the viewer's CPU power into the Monero cryptocurrency for the benefit of its creator. The apps are spread through the Google Play Store, and the most popular one was installed around 100,000 times. Almost all (90%) of the installations come from Brazil.
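As an added illustration (not from Kaspersky Lab and not part of the original article), the sketch below shows how an analyst could triage an APK for the behaviour described above: HTML or JavaScript assets that reference the Coinhive miner. The marker strings are names from Coinhive's public script API rather than indicators given in this article, and the sample APK is constructed inline for the example.

```python
import io
import re
import zipfile

# Strings used by Coinhive's public JavaScript API (assumption: not listed in the article).
COINHIVE_MARKERS = re.compile(
    rb"coinhive(?:\.min)?\.js|CoinHive\.(?:Anonymous|User|Token)|coinhive\.com",
    re.IGNORECASE,
)
WEB_SUFFIXES = (".html", ".htm", ".js")


def scan_apk(apk_bytes):
    """Return {entry_name: sorted marker list} for web assets that reference Coinhive."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or not info.filename.lower().endswith(WEB_SUFFIXES):
                continue  # only bundled web content is relevant to this check
            data = apk.read(info)
            hits = {m.group(0).decode().lower() for m in COINHIVE_MARKERS.finditer(data)}
            if hits:
                findings[info.filename] = sorted(hits)
    return findings


def build_sample_apk():
    """Constructed sample: a minimal APK-like zip with one clean page and one flagged page."""
    flagged_page = (
        b"<html><body><video src='match.mp4'></video>"
        b"<script src='https://coinhive.com/lib/coinhive.min.js'></script>"
        b"<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script>"
        b"</body></html>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("assets/about.html", b"<html><body>About</body></html>")
        z.writestr("assets/player.html", flagged_page)
    return buf.getvalue()


if __name__ == "__main__":
    for name, markers in scan_apk(build_sample_apk()).items():
        print(name, markers)
```

A match is a triage signal only: a page that fetches the script at run time or obfuscates it will not be flagged by a static string search.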

Legitimate applications that handle VPN connections have become the second target of malicious miners. A VPN is a Virtual Private Network, through which users can, for example, access online resources that would otherwise be unavailable due to local restrictions. Kaspersky Lab has detected the Vilny.net miner, which can monitor the battery charge and temperature of the device, to make money with less risk to the attacked devices. To do this, the application downloads an executable file from the server and launches it in the background. Vilny.net was downloaded more than 50,000 times, mainly by users in Ukraine and Russia.

Kaspersky Lab products successfully detect these applications as dangerous tools.

“Our findings show that the creators of these malicious miners are expanding their sources and evolving their tactics and approach to more efficient extraction of cryptocurrencies. Now, they use legitimate thematic applications with mining capabilities to fuel their greed. Therefore, they can benefit from each user twice: firstly, through the display of advertisements and secondly, through discreet extraction of cryptocurrencies,” said Roman Unuchek, Kaspersky Lab’s security researcher.

Kaspersky Lab researchers advise users to follow these steps to protect their devices and personal data from possible digital attacks:

Disable the ability to install apps from sources other than official app stores.

Keep the operating system version of your device up to date to reduce software vulnerabilities and the risk of attack.

Install a proven security solution to protect your device from possible digital attack.