Google Play Store stuffed with fake cryptomining apps

cryptocurrency
(Image credit: Yevhen Vitte / Shutterstock)

Cybersecurity researchers have once again helped Google evict malicious apps from the official Play Store that falsely advertised themselves as cryptomining services.

Security firm Trend Micro flagged eight such Android apps, which asked users to pay for cloud mining operations that didn’t exist.

“Upon analysis, we discovered that these malicious apps only trick victims into watching ads, paying for subscription services that have an average monthly fee of $15, and paying for increased mining capabilities without getting anything in return,” wrote Cifer Fang, Mobile Threat Analyst at Trend Micro.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

According to Fang, all of the eight flagged apps were found to be infected with either the AndroidOS_FakeMinerPay or the AndroidOS_FakeMinerAd malware.

Uphill battle

This isn’t the first time researchers have found fraudulent apps in the Play Store that hope to cash in on the cryptocurrency craze.

Just last month, the Lookout Threat Lab identified about 170 such apps, over two dozen of which were listed on the Play Store, and managed to fool thousands of users into paying for non-existent cloud mining operations. 

As before, Google acted swiftly to remove the eight malicious apps highlighted by Trend Micro. However, this is just the tip of the iceberg.

“Based on Trend Micro Mobile App Reputation Service (MARS) data, more than 120 fake cryptocurrency mining apps are still available online. These apps, which do not have cryptocurrency mining capabilities and deceive users into watching in-app ads, have affected more than 4,500 users globally from July 2020 to July 2021,” reveals Fang.

Although some malicious apps are able to make their way onto the Play Store, to shield against threats, users are advised to download applications from official apps stores exclusively, and to research new services online to verify their legitimacy.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.