News Android Monero-Mining Malware Can Cause Device Failure

Android Monero-Mining Malware Can Cause Device Failure


- Advertisment -

HiddenMiner malware

Trend Micro security experts have warned users today about a new type of Android malware that infects devices and untetheredly mines Monero in the phone’s background until the battery is exhausted or the device gives out.

Called HiddenMiner, this malware has been spotted inside apps distributed via third-party stores. Researchers say that most of the infected users are based either in China or India.

Experts say they’ve tracked the malware’s operations back to a mining pool where crooks made 26 XMR (around $5,400).

HiddenMiner needs access to an administrator account

HiddenMiner is not the first untethered Monero-mining malware that affects Android devices. The first was Loapi, spotted last December.

HiddenMiner took inspiration from Loapi because just like the aforementioned, HiddenMiner works by tricking users into giving it access to an administrator account.

The malware then uses this account to hide the original app behind transparent app icon, and immediately start a Monero miner that runs at all times in the phone’s background.

“There is no switch, controller or optimizer in HiddenMiner’s code, which means it will continuously mine Monero until the device’s resources are exhausted. Given HiddenMiner’s nature, it could cause the affected device to overheat and potentially fail,” said Lorin Wu, a Mobile Threat Analyst for Trend Micro.

HiddenMiner can also lock users screens

But this isn’t HiddenMiner’s only malicious feature. The trojan also locks the user’s device whenever it detects an attempt to remote its administrator account on Android 6.0 devices and earlier. This behavior has been seen before in the LokiBot Android banking trojan.

Unfortunately, only by removing the admin account, a user will be able to remove the trojan from his device before the battery overheats and gives out, potentially destroying the rest of the device.

The only way to remove the administrator account is to reboot the device in Safe Mode and uninstall the rogue admin account, along with the HiddenMiner-infected app from there.

Currently, crooks are using a fake Google Play Store updater app ( to distribute HiddenMiner via third-party app stores, but experts expect crooks to diversify their portfolio and even start infecting users in other areas of the globe.

Image credits: Julien Deveaux, Bleeping Computer

Source link


Please enter your comment!
Please enter your name here

Latest news

GoCrypto presents truly contactless payments with a simple solution for merchants and buyers

7 April 2020 — The recent events have rapidly changed the way we live, including our shopping...

Bitcoin SV has found a new niche in the gaming industry

Gaming companies and online casinos are increasingly paying attention to cryptocurrencies as a possible payment tool. Several...

Why could GLBrain become a great solution to receive support during the crisis?

To support smaller and medium-sized businesses during the ongoing crisis, GLBrain offers services cost-free for all Austrians....

Make Fast and Secure Trades Using is a Cryptocurrency trading platform that allows users to buy and sell their Cryptocurrency in a...
- Advertisement -Android Monero-Mining Malware Can Cause Device Failure

Network Security Using Cryptography: Everything you need to know

This article will describe what is Network Security Using Cryptography and everything you need to know before...

Mercuriex Cryptocurrency Exchange Launches New Utility Token, SURF

MercuriEx Cryptocurrency Exchange, originally developed in 2017, came under new ownership in December 2019. Since taking over the exchange,...

Must read

- Advertisement -

You might also likeRELATED
Recommended to you