Three apps from Google Play Store were discovered to contain malware used to secretly mine cryptocurrency.

These apps were Recitiamo Santo Rosario Free, SafetyNet Wireless App, and Car Wallpaper HD: Mercedes, Ferrari, bmw and audi.

In cryptocurrency mining, resources such as CPU and GPU are used to contribute computing power to mining pools and consequently produce income. Due to hackers’ creativity, different kinds of malware have emerged that let attackers temporarily borrow the computing power of a target device to generate cryptocurrency for the attacker.

The malware in these three apps injects malicious JavaScript library code retrieved from Coinhive, a web mining host, and starts mining for the attacker’s own cryptocurrency address. The mining tool used is called cpuminer, a legitimate crypto miner.

The mining code fetches a configuration file from the attackers’ personal server, which uses a dynamic DNS service, and provides information on its mining pool via the Stratum mining protocol.
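A defender triaging an APK can look for the traits described above (an embedded Coinhive script and a Stratum pool URL) before installing it. The scanner below is an added example, not code from the reported apps or from Google; the indicator patterns, function names and the sample package contents are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Indicator patterns for the behaviour described above. The exact strings are
# assumptions about how such code commonly appears, not values taken from the
# three reported apps.
INDICATORS = {
    "coinhive_script": re.compile(rb"coinhive(\.min)?\.js", re.I),
    "coinhive_api": re.compile(rb"CoinHive\.(Anonymous|User|Token)\s*\("),
    "stratum_url": re.compile(rb"stratum\+(tcp|ssl)://[\w.\-]+(:\d+)?"),
}

# Constructed sample contents: made-up files, placeholder key, wallet and hosts.
SAMPLE_FILES = {
    "assets/index.html":
        '<script src="https://coinhive.example/lib/coinhive.min.js"></script>'
        '<script>new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER").start();</script>',
    "assets/config.json":
        '{"url": "stratum+tcp://pool.example.invalid:3333", "user": "WALLET_PLACEHOLDER"}',
    "res/raw/readme.txt": "Wallpaper pack, no network code here.",
}

def build_apk(files):
    """Build an in-memory ZIP shaped like an APK from a {path: text} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for path, text in files.items():
            z.writestr(path, text)
    return buf.getvalue()

def scan_apk(apk_bytes, max_member_size=20 * 1024 * 1024):
    """Return sorted (member, indicator, matched_text) findings for an APK."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or info.file_size > max_member_size:
                continue  # skip directories and oversized members
            data = apk.read(info)  # decompresses the member before matching
            for name, pattern in INDICATORS.items():
                for m in pattern.finditer(data):
                    text = m.group(0).decode("ascii", "replace")
                    findings.add((info.filename, name, text))
    return sorted(findings)

if __name__ == "__main__":
    for member, indicator, text in scan_apk(build_apk(SAMPLE_FILES)):
        print(f"{member}: {indicator}: {text}")
```

Because the mining code described above fetches its configuration from a remote server, the pool address may never appear inside the package, so a clean result from a static scan like this does not rule out mining behaviour.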

Google has already removed these three reported malicious apps from its Play Store.

It is a given that the Google Play Store, despite its capability to screen developers’ projects, cannot filter every single application uploaded to it. The best way to steer clear of malicious apps is to be wary of the application, to verify the legitimacy of its developer, and to check user reviews prior to installing the application.


Manny Cuevas

My name is Manny Cuevas, a Security Researcher / Engineer for about 15 years who focuses on Web and Mobile applications and other platforms, from the Island of Sulu, Philippines. I’m also a scientist, inventor and a top-ranked hacker in the world who bypasses all security systems.


