Satisnet Ltd, Basepoint Innovation Centre, 110 Butterfield Great Marlings, Luton, Bedfordshire, LU2 8DL enquiry@satisnet.co.uk
+44 (0) 1582 434320

Google Bans Cryptocurrency Apps

Google Bans Cryptocurrency Apps

Google Bans Cryptocurrency Apps

In recent news there have been reports of mobile devices combusting after installing some apps from the Google Play Store. These apps were later discovered to be Cryptocurrency miners, which had bypassed Google Play submission inspection. These kinds of operations, Cryptocurrency mining, are resource intensive, and are not designed to work on mobile devices. Most Enthusiast-grade Desktop Computers struggle with these operations, as they require the majority of RAM, CPU and if present, GPU power.

So, what's the problem?

Most of these applications weren’t advertised to have ‘mining’ capabilities, usually disguised as a “clicker game”; applications to pass the time idly. Because of this, it can be seen as a breach of Terms of Use for Google Play Store, as they require developers to divulge the core details of the applications; and thus by not divulging that the applications will mine currencies for the developer on the client device, this is a breach of the policy.

Is there a name for this kind of attack?

As it turns out there is; “Cryptojacking”. Cryptojacking is not just tied to the android market however, as Advertisements, Browser Extensions, and Desktop Applications have also been affected. Because of the allure of “free” money; Threat Actors are drawn to this practice as they aren’t risking shortening the lifespan of their own hardware, nor are they paying for the electricity/Broadband costs of mining.

What are the risks, and how do I prevent it?

Lets start with the risk;

  • Shortened equipment lifespan
  • Increased thermal performance, leading to Thermal Throttling/Intermittent Shutdowns
  • Higher than normal utility bills
  • Possible infection due to malicious code preventing removal

All of the above are side effects of mining on generalised hardware.

So how do you protect yourself? Well that depends on the attack surface of your device. Here are some steps I recommend to take;

  • Update your Operating System
  • Ensure you have endpoint protection for business environments (including COPE devices)
  • Ensure personal devices are running Anti malware (Most legitimate miners are blocked by default)
  • Only install extensions for browsers from trusted sources; triaging them for a time if possible

References

Kumar, M. (2017, July). Google Bans Cryptocurrency Mining Android Apps from the Play Store. Retrieved from The Hacker News: https://thehackernews.com/2018/07/android-cryptocurrency-mining.html