25 apps hosting cryptojacking scripts found on Google Play Store

SophosLabs claims to have identified at least 25 Android apps published on the official Google Play Store containing scripts that facilitate cryptojacking activities on users’ computers.

In its report, the company noted that the apps in question have “been downloaded and installed more than 120,000 times.”

The report comes some two months after Google announced that it would no longer allow apps that mine cryptocurrency on devices. According to SophosLabs, the malware was included in different applications, from educational to gaming and utility apps.

Out of the 25 apps, 22 were found to have an implementation of Coinhive’s code. The Coinhive script allows hackers to mine privacy-centric coin, Monero (XMR), without the knowledge of the device’s user. Meanwhile, Lighton and Mobeleader were discovered to have been hosting crypto mining scripts on their servers “presumably to thwart firewalls or parental controls/reputation services that might block Coinhive’s domain by default.”

Another app called A Paintbox for Kids was also found to have been running Xmrig, which was described as an open source CPU miner that can mine not just XMR but several other cryptocurrencies as well.

Source: SophosLabs

According to the SophosLabs report, apps containing the cryptojacking malware include Trance Droid by Happy Appys; Palkar by Palpostr.com; LHDS Vendors published by Taste of Life Group; Mobeleader from Abser Technologies; Helper for Knight Game from Evgeny Solovyov; and Dizi Fragmanları İzle from Oguzhan Kivrak.

The report also identified apps Game Viet 2048 from Thanhtu Media, Afterlife: RPG Clicker CCG by Levius LLC, Dominoes Games from Fun Board Games, A Paintbox For Kids by Uwe, Tapbugs and Dreamspell apps by Riccotz, Info Guru Pendidikan by Cakrawala Pengetahuan, and Lighton by Buyguard.

Meanwhile, 11 apps from Gadgetium were also found to contain an HTML page with a Coinhive-based miner. The apps were “preparation apps for standardized tests given in the U.S., exams such as the ACT, GRE, or SAT,” according to SophosLabs.
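Because some of these apps loaded the miner from their own servers rather than from Coinhive's domain, a domain blocklist alone misses them; matching on the miner's JavaScript API inside the app's bundled web assets does not depend on where the script is hosted. The following is an added example, not code from SophosLabs or from the article; the sample APK, its file names, the host `cdn.example.invalid` and the site key are constructed placeholders.

```python
import io
import re
import zipfile

# Coinhive JavaScript API markers. Matching the API call rather than the
# hosting domain still catches copies of the script served from other servers.
API_MARKERS = re.compile(
    rb"CoinHive\.(Anonymous|User|Token)\s*\(|coinhive\.min\.js", re.I
)
SCRIPT_SRC = re.compile(rb"<script[^>]+src\s*=\s*[\"']([^\"']+)[\"']", re.I)
WEB_SUFFIXES = (".html", ".htm", ".js")


def scan_apk(apk_bytes):
    """Return one finding per bundled web asset that references the miner API."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:  # an APK is a ZIP archive
        for name in apk.namelist():
            if not name.lower().endswith(WEB_SUFFIXES):
                continue
            data = apk.read(name)
            if not API_MARKERS.search(data):
                continue
            sources = [s.decode("utf-8", "replace") for s in SCRIPT_SRC.findall(data)]
            # Remote script URLs are worth reporting even when the host is unknown.
            remote = [s for s in sources if s.startswith(("http://", "https://", "//"))]
            findings.append({"file": name, "remote_scripts": remote})
    return findings


def build_sample_apk():
    """Constructed sample: one benign page, one page loading a renamed miner script."""
    miner_page = (
        b'<html><body><script src="https://cdn.example.invalid/lib/m.js"></script>'
        b"<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script>"
        b"</body></html>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/www/index.html", b"<html><body>Practice test</body></html>")
        z.writestr("assets/www/stats.html", miner_page)
        z.writestr("classes.dex", b"dex\n035\x00")  # non-web entry, skipped
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_apk(build_sample_apk()):
        print(finding)
```
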

Google has clamped down on cryptocurrency activities that it deemed were harmful to customers. Earlier this year, Google banned the advertisement of cryptocurrencies and their related products. During this period, other platforms like Facebook and Twitter also banned cryptocurrency advertisements on their platforms. In April, some of Google’s platforms, like the Chrome Web Store, banned cryptocurrency mining extensions.

Recently, it was reported that Google is planning to soften its stance on cryptocurrency. Google announced that it was going to update its crypto ads policy, as part of its bid to work more closely with regulated institutions in the United States and Japan.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post 25 apps hosting cryptojacking scripts found on Google Play Store appeared first on Coingeek.


Researchers discover new crypto malware-killing botnet

A new botnet which sets out to specifically kill a type of crypto mining malware has been discovered by security researchers at Qihoo 360Netlab.

Known as Fbot, the botnet appears to be based on derivative software from Mirai, an application generally used in DDoS attacks. However, in this case, the DDoS module has been deactivated, with the botnet instead searching for cryptojacking malware before replacing its code, thereby neutering its bad effects.

In particular, the botnet searches for instances of com.ufo.miner, a variation on the Android-based ADB.Miner for the privacy-centric altcoin Monero.

According to the Qihoo team, the botnet distributes itself by searching for open ports, before uninstalling the com.ufo.miner software where present. The botnet effectively installs itself over the malware, destroys its malicious code, and then self-destructs, according to a report published by the researchers.

The botnet is also linked to a domain name which is only accessible through EmerDNS, rather than the standard DNS system. This means it becomes harder to detect, with those scanning only traditional DNS names unable to access its records.

“The choice of Fbot using EmerDNS other than traditional DNS is pretty interesting, it raised the bar for security researcher to find and track the botnet (security systems will fail if they only look for traditional DNS names),” according to the Qihoo 360Netlab blog post.
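One way to close the gap the researchers describe is to flag, in resolver or passive DNS logs, any lookup for a name in a zone that only EmerDNS serves. This is an added example, not code from Qihoo 360Netlab; the zone list (`.coin`, `.emc`, `.lib`, `.bazar`) is an assumption about which zones EmerDNS serves, and the log format and every name in the sample are constructed.

```python
from collections import defaultdict

# Assumption: zones served by EmerDNS and absent from the ICANN root.
EMERDNS_ZONES = {"coin", "emc", "lib", "bazar"}

# Constructed resolver log: "<timestamp> <client-ip> <qtype> <qname>"
SAMPLE_LOG = """\
2018-09-20T10:00:01Z 10.0.0.15 A www.example.com.
2018-09-20T10:00:02Z 10.0.0.23 A c2.placeholder.LIB.
2018-09-20T10:00:05Z 10.0.0.23 A c2.placeholder.lib
2018-09-20T10:00:09Z 10.0.0.15 AAAA lib.example.org
malformed line
2018-09-20T10:00:11Z 10.0.0.42 A shop.placeholder.bazar
"""


def normalise(qname):
    """Lower-case the name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def top_level_label(qname):
    """Return the right-most label, which decides the zone."""
    return normalise(qname).rsplit(".", 1)[-1]


def emerdns_lookups(log_text):
    """Map each client to the sorted EmerDNS-zone names it tried to resolve."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:  # skip lines that do not match the log format
            continue
        _, client, _, qname = parts
        # Only the right-most label counts: lib.example.org is an ordinary name.
        if top_level_label(qname) in EMERDNS_ZONES:
            hits[client].add(normalise(qname))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in emerdns_lookups(SAMPLE_LOG).items():
        print(client, names)
```
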

It comes at a time when the numbers of cryptojacking and malware attacks have reached record highs, with the last few months seeing particularly elevated activity around these types of crypto scams.

Cryptojacking malware is now so prevalent that it has been identified across the systems of several large businesses and government agencies, as well as the countless individuals affected worldwide. According to security researchers, incidents of cryptojacking have increased by 956% over the last year.

This has even prompted Firefox to announce their latest browser will automatically detect and block cryptojacking scripts, in a bid to fight against this surge in their use.

At this stage, it remains unclear whether the botnet was created with the intention of cleaning up malware, or whether it has been launched by rival scammers to clear out competing malware.


The post Researchers discover new crypto malware-killing botnet appeared first on Coingeek.


Future Firefox browsers to block cryptojacking malware

Mozilla, the company behind popular web browser Firefox, is gearing up to automatically block malware scripts, including those that “silently mine cryptocurrencies” in future versions of Firefox.

Last week, Mozilla announced that it will soon implement an initiative to “protect users by blocking tracking while also offering a clear set of controls to give our users more choice over what information they share with sites.” The company cited a Ghostery study, which noted that 55.4% of the total time required to load an average website is usually spent loading third-party trackers. For users with slower networks, the loading time is even worse.

“Deceptive practices that invisibly collect identifiable user information or degrade user experience are becoming more common. For example, some trackers fingerprint users — a technique that allows them to invisibly identify users by their device properties, and which users are unable to control,” according to Mozilla. “Other sites have deployed cryptomining scripts that silently mine cryptocurrencies on the user’s device. Practices like these make the web a more hostile place to be. Future versions of Firefox will block these practices by default.”

This is the reason why Mozilla’s future web browsers will be equipped with a new feature—found in Firefox Nightly—which will block trackers that slow down page loads. This feature will be tested using a shield study starting September, and if the approach performs well, Mozilla plans to start blocking slow-loading trackers by default in Firefox 63.

The company has already stripped cookies and blocked storage access from third-party tracking content, a feature that Firefox Nightly users can already test out. If all goes according to plan, Mozilla said it will bring the protective feature to all Firefox 65 users.


The post Future Firefox browsers to block cryptojacking malware appeared first on Coingeek.
