It seems like every week we’re writing a new story about Android malware. A new report from Trend Micro suggests several apps on Google Play have been using native code injection to load dynamic JavaScript script in order to mine cryptocurrency. Two apps in particular were discovered using this method which can increase the wear and tear on your device, reduce battery life, and it can lead to a significant decrease in performance for your device.
Trend Micro detected the malicious code being used in two apps, both of which have over 50,000 downloads on the Google Play Store. One is a rosary app, while the other is designed to help you find discounts from various sites.
Both apps work the same way by loading a JavaScript library from Coinhive and begin mining using the attacker’s Coinhive site key. Trend Micro was able to analyze some of the samples of code to determine that these malicious apps are generating a profit for their users. In one example, the attacker made over $170 USD over an unknown period.
Trend Micro has alerted Google to the offending apps and they’ve since been removed from the Google Play Store, but this is just more evidence that you shouldn’t install some of the shadier apps without knowing fully what they do.