An increasing number of attackers are using not only malware, but other risk tools, to hide mining capacities in popular football and VPN applications, researchers from Kaspersky Lab have discovered.
Kaspersky Lab says crypto-currency mining is becoming increasingly popular, and cyber criminals are taking full advantage of this, mining on computers, servers, laptops and mobile devices.
Old dog, new tricks
However, they no longer use mining malware only, but have started adding mining capacities to genuine applications and spreading them under the pretense of football broadcasting and VPN applications. To date, Brazil and Ukraine are the main victims.
Kaspersky Lab data reveals that football-related applications are the most popular applications in which to conceal their miners. For this, developers used the Coinhive JavaScript miner.
When a user launches the broadcast, the application opens an HTML file with the JavaScript miner embedded, converting visitors' CPU power to the Monero crypto-currency for its author's benefit.
According to the company, the applications were spread on the Google Play Store and the most popular of them was downloaded approximately 100 000 times, with 90% of downloads coming from Brazil.
The next most popular target for malicious miners are applications responsible for VPN-connections. A VPN, or virtual private network, allows users to gain access to Web resources, that would not otherwise be available due to local restrictions.
Kaspersky Lab found the Vilny.net miner, which has the ability to monitor the battery charge and the temperature of the device, is being used to obtain money with less risk for the attacked gadgets.
The app downloads an executable from the server and launches it in the background. Vilny.net was downloaded over 50 000 times, mostly by users in Ukraine and Russia.
Expanding resources
Roman Unuchek, security researcher at Kaspersky Lab, says: "Our findings show that authors of malicious miners are expanding their resources and developing their tactics and approach to perform more effective crypto-currency mining."
He says they are now using legitimate thematic applications with mining capacities to achieve their ends. Moreover, this new method allows them to capitalise on each user twice. Once via an ad display, and next by discreet crypto-mining.
Trusted sources
In order to protect against miners, the security giant advises users to disable the ability to install applications from sources other than official app stores. In addition, it says to keep the OS version of all devices up to date in order to reduce vulnerabilities in the software and lower the risk of attack.
Finally, only select applications from trusted and reliable vendors - especially those which are geared towards safeguarding your privacy when online, and install a trusted security solution.
Share