Cryptocoin Mining Malware Infects Millions Of Android Devices

<h2 style&equals;"text-align&colon; justify"><&sol;h2>&NewLine;<p style&equals;"text-align&colon; justify">A security research firm has found at least two apps in the Google Play store that include code for mining cryptocoin&period; Researchers at Trend Micro identified the apps as &OpenCurlyDoubleQuote;Songs” and &OpenCurlyDoubleQuote;Prized&period;” Since both of the apps in question have been downloaded between one million and five million times&comma; it is possible that as many as ten million Android devices have been infected with the cryptocoin-mining code&period;<&sol;p>&NewLine;<p style&equals;"text-align&colon; justify">The discovery is significant because of the high number of downloads both of the apps have received&comma; and because both of the apps were available for download in the Google Play store&period; It is not uncommon for hackers to append cryptocoin-mining code to repackaged versions of popular apps and make them available for download outside of the Google Play store&comma; but the fact that two popular apps available inside the official Android marketplace were infected with the malware raises serious concerns about the security of Google Play in general&period;<&sol;p>&NewLine;<p style&equals;"text-align&colon; justify">According to technology expert&comma; Jason Hope&comma; &lpar;https&colon;&sol;&sol;www&period;facebook&period;com&sol;jason&period;r&period;hope&rpar; the Play store’s status as an open marketplace is bound to raise security concerns&period;<&sol;p>&NewLine;<p style&equals;"text-align&colon; justify">&OpenCurlyDoubleQuote;We’re talking about two major apps that have both been downloaded millions of times&comma; not just some small-time thing that was thrown together by a fly-by-night operation&comma;” explained Mr&period; Hope&period; &OpenCurlyDoubleQuote;Google Play was always meant to be a relatively open platform&comma; and that’s always been a good thing in terms of innovation and the variety of apps that were available for download&period; However&comma; with that openness was always going to come some degree of risk&period; How Google responds to this announcement will say a lot about how much of a priority security really is for them&period;”<&sol;p>&NewLine;<p style&equals;"text-align&colon; justify">The mining code seizes control of a mobile device’s processing capability once it detects that the device is connected to the Internet&period; The miner will then operate in the background while connected to an anonymous mining pool&comma; without the owner’s awareness&period; The extra processing power and battery life that the miner saps from the devices can cause numerous problems for devices owners&comma; including the need to charge batteries frequently&comma; which can in turn cause the battery to wear down over time and eventually require replacement&period;<&sol;p>&NewLine;<p style&equals;"text-align&colon; justify">The Trend Micro report said that the apps it identified actually did include a request to run the miner in the terms and conditions that users are required to agree with when downloading the apps&period; However&comma; the report says that most users agreed to download the apps anyway because of the vague language used in the terms and conditions&period; According to the tech expert&comma; this highlights one of the key problems with security in the Play store&period;<&sol;p>&NewLine;<p style&equals;"text-align&colon; justify">&OpenCurlyDoubleQuote;It’s one thing to ask for disclosure in terms and conditions statements&comma; but it’s another thing entirely to require terms and conditions that people can actually understand&period; The average app user is not a lawyer&comma; so they may not have any idea what they’re agreeing to when they click &OpenCurlyDoubleQuote;OK” to install an app&period; This is just one particularly blatant example of app manufacturers using vague language to bamboozle users&comma; but it’s something that happens all the time&comma; even with legitimate app developers&period;”<&sol;p>&NewLine;<p style&equals;"text-align&colon; justify">The announcement also creates more questions about the security of cryptocoin&comma; in the wake of the recent Mt&period; Gox insolvency&period; The bitcoin exchange&comma; which was the largest and most visible crytocoin exchange in the world at the time&comma; lost as much as &dollar;400 million worth of bitcoin due to poor security&period; Even though the code in question was taken from a legitimate cryptocoin mining app and then repurposed as malware&comma; just the very fact that cryptocoin was associated with a security breach could be enough to give observers a bad feeling&period;<&sol;p>&NewLine;<p style&equals;"text-align&colon; justify">&OpenCurlyDoubleQuote;It’s only been in the past year or so that your average consumer started to become aware of cryptocoin&comma; and then we had Mt&period; Gox&comma; which was an absolute fiasco&comma; from a public relations standpoint&period; The whole idea of cryptocurrency is that it’s supposed to exist as a part of an open community&comma; without the need for governmental regulations&period; If we keep getting one story after another that seems to indicate that the community isn’t functioning properly&comma; that really draws into question what future cryptocoin has on a large scale&period;&&num;8221&semi;<&sol;p>&NewLine;<p style&equals;"text-align&colon; justify">About Author&colon;  Amy Taylor is a business and technology writer&period;  Amy began her career as a small business owner in Phoenix&comma; AZ&period;  She enjoys writing about business technology trends&period;  When she isn’t writing&comma; she enjoys hiking with her Alaskan Malamute&comma; Sam&period;<&sol;p>&NewLine;