- Kaspersky Lab discovered multiple instances of malicious Android mining apps appearing on the Google Play Store.
- One of these apps was downloaded over 100,000 times before it was discovered and removed.
- Google has yet to issue a statement about the discovery of these malicious Android mining apps.
When you download an app from the Google Play Store, an assumption is made that Google has vetted that app to make it safe for you. While Google certainly does a great job with its policing of the store, with 3.5 million apps and counting, some malicious apps will inevitably make it through the filters.
It appears that’s just what happened with a slew of apps that secretly use your smartphone’s processor to mine cryptocurrency. Researchers at Kaspersky Lab found multiple malicious Android mining apps on the Google Play Store that look like your typical games, sports streaming apps, VPN’s, etc., but are actually crypto mining apps running without the user’s knowledge or consent.
Other apps keep tabs on CPU load as well as temperature to make sure that the code doesn’t use so much of the phone’s processing power that the user will notice. After all, if your phone gets hot from being overworked and you’re not doing anything, that might make you suspicious.
While CPU processors in smartphones are indeed not as powerful as those found in laptops and desktop computers, the sheer volume of systems able to mine crypto makes the illegal activity worth it.
After Kaspersky Lab found the malicious apps, it informed Google, which promptly removed them from the Google Play Store. However, the company has not made any public statement about the issue or how it will change its policies to prevent future infractions.
Recently, Google announced that it would be removing any and all crypto mining browser extensions from the Chrome Web Store, even if the extensions are legitimate. Perhaps it will enforce a similar rule on the Google Play Store in response to Kaspersky Lab’s findings.