How Hackers Are Using Your Apps To Mine Cryptocurrency


We all probably wish we jumped on the cryptocurrency bandwagon a little earlier and then got off back in December. But, even with the recent volatility in the price of cryptocurrencies, especially Bitcoin, the interest in alternative currencies remains high in the media and the mainstream population. At the same time, Bitcoin alternatives like Monero and Ethereum continue a steady stealthy upward valuation — putting them squarely in the eyesight of hackers looking for anonymous transactions and security loopholes to make quick profits.

Namely cryptocurrency mining, or crypto mining is nothing new, dating back to 2014, and injecting code into unsuspected users beyond standard laptops, computers or servers is a growing sport — now affecting everything from video games to Internet-of-Things toasters to mobile devices. Mobile crypto mining was something of a hacker’s pipedream due to the low processing power of smartphones, but now with a little extra elbow grease, some older hacking techniques are turning into a viable option for cryptocurrency mining.

Here are the current trending techniques that we feel are gaining traction, first is phishing; this tactic is usually done by attracting users to click links or download unidentified files or apps. When it comes to phishing with mobile apps, hackers often insert malware into apps and redistribute them. Second is botnets; a network of infected devices created and controlled by hackers for subsequent attacks. Hackers can use this network of mobile devices to mine or carry out added attacks like DDoS attacks.

Present Attacks

Phishing is a hacker trick that has been haunting users and apps stores for years. Ways around phishing have evolved a lot – from emails with unknown links and attachments to SMS messages to malicious mobile apps. And, now with that rise in cryptocurrency values, hackers have been able to use that malicious technique to mine currency through mobile apps. A common way is to create copycat apps with the added sprinkle of mining malware buried to fool Google vetting and end users. This, in turn, gives hackers access devices when the app is installed. Once the evil app compromises a device, it can also download additional malicious programs without the user’s knowledge as well as open the phone up to control by hackers.

Researchers at Symantec have found out that hackers can run crypto mining programs completely silent in the background and not even be visual in the interface. These apps can be mining currency all without a users knowledge, leading to higher battery drain and less responsive user experiences across the device. This process is usually done by adding mining libraries as a modified version, which then fetches a configuration file from the hackers own server to send currency to a digital wallet.

“With mining, it’s kind of like letting a stranger live in a van across the street and have access to your internet connection and your power subscription,” said James Nguyen, mobile product manager for cybersecurity firm Symantec in an article from MotherBoard.

It seems this trend of targeting mobile devices to mining on the go is only going to increase. And, they aren’t just happening in North America, where it is roughly only 20%. The most prominent hits are happening in Russia with over 50%. Research done by Symantec discovered 26 Android apps with mining malware in 2016 and 35 more in 2017, which is an increase of about 34 percent year over year. Giving 2018 a target, on the low-end of about 45 apps, and those are the ones that will be discovered to have mining malware. But, decompiling and app-deceiving is just one way for hackers to mine crypto using your phone as the digital shovel.

Future Attacks

Much like phishing, botnets have been around but being reimagined and re-engineered for modern crypto mining, is new. The first mobile botnet-infections was discovered in 2011 with the attacks of DroidDream and Geinimi — both apps had botnet-like malware that compromised Android devices.

Botnets gained root access to mobile devices through trojan horses — hitching a ride on the download and installation process of one of the applications available on app stores. This was the case for the botnet ‘BadLepricon’ discovered by Lookout in 2014. It was developed to maximize mining output for a single device, only running when the display was off, and the battery was above 50%, protecting the phone from overheating — to not alert suspicion.

Although passed botnet mining attacks on mobile held limited reliability due to a mobile devices battery life and processing power, which destroys devices and ultimately raises user suspicion. New attacks will inevitably occur due to phones continuing to increase in power, processing, and availability worldwide. Also, using techniques like ‘BadLepricon’ and others, evil botnet applications, running on more powerful devices could mine for months without a single user or finding anything out of the ordinary.


As cryptocurrency becomes even more mainstream and possibly standardized, hackers will continue to dust off old techniques to steal a slice of the digital pie. Furthermore, as the world moves further — hard to think how, but we continue to — toward a mobile world, crypto mobile mining malware will go far beyond the few we have talked about above, and onto further evolutions and new attacks.

To minimize these types malware insertion, developers need to consider adding sufficient security measures in advance. Even if they don’t have enough security expertise, there are various third-party mobile app security solutions available in the market, such as AppSolid. We also recommend that developers keep an eye on the security status after apps are launched so that they can take action quickly if any accidents occur. Moreover, users need to be informed about what to look out for when downloading apps, like only using official app stores and reading credentials and reviews before installing.


Leave a Reply

%d bloggers like this: