Analysis by: Veo Zhang

 THREAT SUBTYPE:

Click Fraud, Hacking/Cracking Tool

 PLATFORM:

Android


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel: Via app stores

This mobile malware is capable of mining specific cryptocurrencies on infected mobile devices.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This cryptocurrency-mining app is found in Google Play. The app has been used to mine cryptocurrency for cybercriminals on infected Android devices, leading to battery drain issues.

  TECHNICAL DETAILS

File Size: 5,051,117 bytes
File Type: APK
Memory Resident: Yes
Initial Samples Received Date: 19 Mar 2014
Payload: Battery drain, Connects to URLs/IPs

NOTES:

This cryptocurrency miner may be found in several apps available in Google Play.

Analysis of the app code reveals that the cryptocurrency mining code runs when the mobile device is charging. As a result, the increased energy usage goes unnoticed.

This malware can also mine other cryptocurrencies apart from Bitcoin.

Symptoms of infected devices are slow charging and overheating.

  SOLUTION

Minimum Scan Engine: 9.700
TMMS Pattern File: 1.703.00
TMMS Pattern Date: 28 Mar 2014

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

