Malware authors continue to upload malicious apps contains hidden Cryptomining Script to Google play, even though it was entirely banned. Attackers uploaded apps poses as games, utilities, and educational apps contain hidden cryptomining scripts.
SophosLabs spotted more than 25 malicious apps that contain hidden coinhive cryptomining scripts turning victims device into cryptocurrency churning rigs. 11 of the 25 apps are the standardized tests given in the US such as ACT, GRE, or SAT exams.
The malicious apps have been downloaded more than 120,000 times from Google play store. The hidden coinhive script in the app mine’s monero cryptocurrency.
Researchers observed most of the apps used coinhive mining scripts, two of the apps hosted mining scripts on their own servers and one app using XMRig.