It seems like there is a phone app for just about anything you could want. You can monitor your blood sugar levels, turn on your dryer while at work, even find the perfect person to walk your dog. However, no one probably envisioned that someone would create cryptojacking apps that would be available through the Microsoft Play Store.
That appears to be the case, as Microsoft was forced to remove eight apps that would allow crypto miners to use the processing power of an individual’s phone to help them to mine for cryptocurrencies. This is done without the consent and often without the knowledge of the owner.
Symantec makes discovery
On January 17, cybersecurity giant Symantec notified Microsoft that there were eight apps offered through their online store that contained malicious malware. This malware would draw on the phone’s processor to allow the app developers to mine for cryptocurrencies.
According to Symantec, three developers were responsible for the apps – DigiDream, 1clean, and Findoo. While there were three companies involved, it is believed that all eight programs were actually created by the same developer, or group of developers.
Most were lured into the program as a free download in the Microsoft app store. Through the use of a keyword search, users would find the app, download it, and it would not be long before their CPU, battery, web browser, and data were being used to help the developer to mine for the digital currency.
The downloaded app would trigger the running of the Google Tag Manager. This new program would immediately start to drain the resources of the user, often with them being completely unaware that someone had hacked their phone and was using it for this purpose.
The need for power
Since the creation of cryptocurrencies, programmers and developers have sought to create programs that would enable them to mine for more. There is no regulating agency or financial institution that is creating these currencies, meaning that developers who are able to create the right algorithm would have the potential to make a lot of money by finding these coins.
However, it can take a lot of resources to be successful. Before the crash of the Venezuelan economy, many within the country allowed miners to use their electricity and processors because electricity was free.
After the collapse, these developers have turned to alternative means to find the resources and cryptojacking has become a common means to accomplish this goal. Where this may seem to be an inconvenience to most, the truth is that this issue has passed ransomware as the biggest cybersecurity threat.
These malware programs have the potential to earn the developer millions of dollars. They were specifically mining for the Monero (XMR) coin. How successful they have been and how many downloads were made is not known. It is a cautionary tale to consumers to not only be careful what you download but to also monitor if there are changes in how your phone operates.
New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.
