Kaspersky Lab, the widely known Russian antivirus and cybersecurity company, has warned against malware that managed to slip through the safeguards on the Google Play app market and was until recently covertly mining cryptocurrencies. The operation was successful given the fact that an app fulfilled what it promised in the description and the malware was carefully disguised.
"The most popular apps we found of this type were soccer-related: a family of apps with names including PlacarTV (placar means “score” in Portuguese), one of which had been downloaded more than 100,000 times," the tech company’s blog reads.
The application appeared to contain the co-called Coinhive built-in miner, used for obtaining Monero coins while users were streaming football matches. And fair enough, there could hardly be any reason to feel suspicious, the blog notes:
"It’s a clever ruse, and not that easy to spot: Your mind is on the match, and watching videos heats up the phone and drains the battery anyway, just like the miner does, so you’ll have no reason to be suspicious."
Kaspersky Lab also told their blog readers about another miner, which had been found in a free VPN app called Vilny.net. This one monitored the phone’s temperature and battery charge and suspended mining as soon as the phone began to overheat not to draw the user’s attention.
In terms of performance, mobile gadgets could hardly rival turbo-speed desktop computers with cutting-edge graphics cards, but “the sheer number of devices makes up for their lack of power,” the company noted.
"We alerted Google about these apps, and the soccer-related ones have been removed from the Google Play store — Vilny.net is still available in the store, though," the company rounded off, adding that nobody could guarantee that no other covert malicious code would sneak into the Google Play store in the near future.
Kaspersky Lab is a Moscow-based multinational anti-virus provider founded in 1997 by Eugene Kaspersky.