HiddenMiner Android Monero Mining Malware Potentially Cause Device Failure

HiddenMiner Android Monero Mining Malware Potentially Cause Device Failure

A new Android malware that can surreptitiously use the infected device’s computing power to mine Monero. Trend Micro detects this as ANDROIDOS_HIDDENMINER. This Monero-mining Android app’s self-protection and persistence mechanisms include hiding itself from the unwitting user and abusing the Device Administrator feature

The IT security researchers at Trend Micro have discovered a sophisticated Moreno mining malware targeting Android users in the name of fake Google Play update. As of now, its prime targets are users in China and India since third-party apps are popular in both countries.

HiddenMiner Hides Behind Fake Google Play Update App
Dubbed HiddenMiner by researchers the malware hides behind a legitimate looking Google Play update app. Once the app is installed it requires users to activate it as a device administrator and displays persistent pop-ups until victims click the Activate button.

Upon granting the required permission the malware starts using computer (CPU) power of the targeted device to mine Monero cryptocurrency. According to Trend Micro’s blog post, it has been noted that HiddenMiner continuously mines Monero until the next device boot causing it to overheat and potentially fail.

HiddenMiner works similar to Loapi malware that was found a couple of months ago in over 20 third-party Android apps. Loapi also used CPU power of targeted devices to mine Monero cryptocurrency however it also conducted DDoS attacks causing the phone’s battery to the bulge that leads to the destruction of the phone after few days of its installation.

HiddenMiner Is A Profitable Malware
As for HiddenMiner, the researchers have noted that on March 26th, 2018 attackers withdrew 26 Monero (XMR) which is around $5219.76. This means HiddenMiner is a profitable malware and actively targeting Android users without their knowledge.

HiddenMiner Android Monero Mining Malware Cause Device Failure
Monero wallet address used by the attacker Capable Of Hiding And Evading Detection
Moreover, the reason for HiddenMiner’s successful operation is that the malware is equipped with anti-emulator capabilities, therefore, it bypasses detection and automated analysis.

It also uses several techniques to hide itself in devices, such as emptying the app label and using a transparent icon after installation.