New malware that uses a device's own computing power to mine Monero can render an Android smartphone unusable, security firm Trend Micro warned Wednesday.
Called HiddenMiner, the malware has so far been found only in India and China, though researchers expect it will spread.
The malware lives up to its name. Not only does it hide in the background out of view from the user, but it also hides in plain view, posing as a legitimate Google Play update app in third-party app marketplaces, according to a blog post by Trend Micro mobile threats analyst Lorin Wu.
The malware pops up as com.google.android.provider, complete with Google Play's icon, requiring users to activate it as a device administrator. It's stubborn about it, too, persistently popping up until someone clicks the Activate button, Wu wrote.
Bitcoin mining malware could harm Android devices it infects, experts at Trend Micro warned.
Once activated, HiddenMiner starts mining Monero in the background and won't stop until it drains a battery and ultimately bricks a device, Wu wrote.
"There is no switch, controller or optimizer in HiddenMiner's code, which means it will continuously mine Monero until the device's resources are fatigued," she wrote. "Given HiddenMiner's nature, it could cause the affected device to overheat and potentially fail."
Wu compared the malware to a previously found Monero-mining Android malware, Loapi. That malware also drained battery power, so fast that it would actually cause the battery to bloat and even start to melt. Wu noted that Loapi's technique of locking the screen after revoking device administration permissions is also similar to the technique HiddenMiner uses.
There are two key features of HiddenMiner that make it act so maliciously. One is that it locks users out of their own devices by leveraging its role as administrator, a role it must hold to run on a device at all.
Once HiddenMiner is installed, users can't uninstall it until they remove its device administrator privileges, Wu wrote. They can't do this in the case of HiddenMiner, however, as the malware exploits a bug found in Android OSes (except Nougat, or Android 7.0) that locks the device's screen when a user wants to deactivate its device administrator privileges, she said.
Cryptocurrency-mining malware discovered by Trend Micro called HiddenMiner locks users out of their devices by taking on administrator privileges.
Another key feature of HiddenMiner that makes it so sneaky is that it has a number of techniques to hide itself on devices. One is that it tricks unsuspecting users by emptying the app label and using a translucent icon after installation, Wu said.
It also leverages its role as device administrator to hide the app from the app launcher by calling setComponentEnabledSetting(), and remains running with device-administrator permission until the user reboots the device again, Wu wrote. These techniques take a page out of the DoubleHidden Android adware playbook, which acts similarly, she said.
Emulation can't catch HiddenMiner, either. The malware checks if it's running on an emulator by abusing an Android emulator detector found on GitHub, thereby bypassing detection and automated analysis, Wu wrote.
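A defensive triage check for the traits described above: device-administrator status combined with an empty label, a see-through icon, a disabled launcher entry, or a Google-style package name installed from outside Google Play. This is an added example, not code from Trend Micro or the article; the inventory field names and the sample records are hypothetical and constructed for illustration.

```python
# Added illustration. Field names are hypothetical, not a real MDM or Android schema.
PLAY_STORE_INSTALLER = "com.android.vending"  # installer package name of Google Play
GOOGLE_NAMESPACES = ("com.google.", "com.android.")

def indicators(app):
    """Return the concealment traits from the article that this app record shows."""
    hits = []
    if not (app.get("label") or "").strip():
        hits.append("empty_label")
    if app.get("icon_transparent"):
        hits.append("transparent_icon")
    if not app.get("launcher_enabled", True):
        hits.append("hidden_from_launcher")
    # A Google-looking name on a non-system app that Google Play did not install.
    if (app["package"].startswith(GOOGLE_NAMESPACES)
            and not app.get("system_app")
            and app.get("installer") != PLAY_STORE_INSTALLER):
        hits.append("google_name_sideloaded")
    return hits

def triage(inventory, min_hits=2):
    """Flag device-admin apps that also show at least min_hits concealment traits."""
    flagged = []
    for app in inventory:
        hits = indicators(app)
        if app.get("device_admin") and len(hits) >= min_hits:
            flagged.append((app["package"], hits))
    return sorted(flagged, key=lambda item: -len(item[1]))

# Constructed sample inventory (not real telemetry).
SAMPLE = [
    {"package": "com.google.android.provider", "label": "", "installer": None,
     "device_admin": True, "launcher_enabled": False, "icon_transparent": True},
    {"package": "com.example.mdm.agent", "label": "Corp MDM",
     "installer": "com.android.vending", "device_admin": True,
     "launcher_enabled": True, "icon_transparent": False},
    {"package": "com.google.android.gms", "label": "Google Play services",
     "installer": "com.android.vending", "system_app": True,
     "device_admin": False, "launcher_enabled": False, "icon_transparent": False},
    {"package": "com.example.game", "label": "Game", "installer": None,
     "device_admin": False, "launcher_enabled": True, "icon_transparent": False},
]

if __name__ == "__main__":
    for package, hits in triage(SAMPLE):
        print(package, ", ".join(hits))
```

Requiring device-administrator status plus several concealment traits keeps a labelled, launcher-visible management agent and hidden system services out of the results.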
Mining for cryptocurrency
Trend Micro researchers found Monero mining pools and wallets connected to the malware, with one of its operators withdrawing the equivalent of US$5,360 from one of the wallets. Wu noted that this is "a rather active campaign" in terms of ones already discovered that use infected devices to mine cryptocurrency.
Malware that targets and mines cryptocurrency is on the rise as these types of currencies also become more widespread in use. While Bitcoin and Monero remain the two most popular types of cryptocurrency, and thus the biggest targets of malware campaigns, as of December 2018 there were almost 1,500 cryptocurrencies in use globally.
"HiddenMiner is yet another example of how cybercriminals are riding the cryptocurrency mining wave," Wu wrote. For this reason, she said it's important that users and businesses only download apps from official app marketplaces, regularly update the device's OS, and practice prudence with the permissions granted to applications.
Wu also suggested, natch, that several Trend Micro security solutions, such as Mobile Security for Android and Mobile App Reputation Service, be used to protect Android users from malware, zero-day and known exploits, privacy leaks, and application vulnerability.