Mining Bitcoin and other cryptocurrencies requires a lot of computing power. To obtain such power, some are releasing malicious Android apps on the Google Play store that secretly turn the devices housing them into miniature rigs contributing to large-scale cryptocurrency mining operations.
In a company blog post, Trend Micro references earlier research conducted by G Data mobile security that uncovered a malware family known as ANDROIDOS_KAGECOIN.HBT, which had been spotted running in the background of the mobile apps Football Manager Handheld and TuneIn Radio.
While those apps were not available in the Google Play store, Trend Micro has since identified apps within Google's mobile app marketplace that use the same approach, and which "have been downloaded by millions of users." This includes a music app called Songs and a shopping app called Prized.
In the post, which was published March 25, Trend Micro claimed it informed Google about the malicious apps it discovered. A search on the afternoon of the 27th showed the Songs app still available in the Play store.
Once the device connects to the internet, the mining capabilities kick into action in the background. Although Trend Micro warns that hijacking a bot network of mobile devices will only earn money "at a glacial pace," the company gives one example in which an attacker allegedly used this approach to mine and sell "thousands" of units of cryptocurrencies, including Dogecoin and Bitcoin.
"We believe that with thousands of affected devices, cybercriminal accumulated a great deal of Dogecoins," Trend Micro's blog post reads.
Those who have downloaded such an app may experience degraded battery life or high device temperatures, as cryptocurrency mining requires the device to run at high capacity.
"Users with phones and tablets that are suddenly charging slowly, running hot, or quickly running out of batteries may want to consider if they have been exposed to this or similar threats," the report warns.