Beware of Malicious Cryptominers Targeting Android Devices

The rapid development, adoption and increased value of cryptocurrency over recent years have meant that cybercriminals are ramping up their efforts to obtain the various types of cryptocurrency through illegitimate means. Just last June, for example, hacks of the South Korean cryptocurrency exchanges Bithumb and Coinrail saw an estimated loss of 71 million dollars in digital currency.

Besides outright stealing cryptocurrency from users and exchanges, cybercriminals are also resorting to more covert methods of obtaining digital money dishonestly. Malicious cryptomining is one such scheme. It is now becoming a method of choice for cybercriminals, with the threat growing pervasive not only on servers and laptops but also on phones, said Sumit Bansal, Sophos Senior Director for ASEAN and Korea.

Citing Android phones as an example, Sumit mentioned that Sophos had discovered around 19 apps on the Google Play Store that contained hidden cryptomining, or cryptojacking, software. Cryptomining malware takes over a device's resources in order to mine cryptocurrency without the user's explicit permission. With over 2 billion monthly active devices running Android, it isn't surprising that Google Play has become a very popular distribution point for infecting smartphones with cryptocurrency miners. However, phones can also be infected through malware-laced apps downloaded from outside Google's official app store.

Worryingly, many of these cryptominers have been customised in various ways to evade detection. An example that Sumit mentioned was a malware called Coinhive, which mines Monero and can detect that a phone is being charged before it starts its covert mining, presumably because that is when phones are left idle and the miner can get the most out of the phone's resources.

This, of course, presents a new and worrisome dimension to the trend that Android users need to be aware of. Moreover, it is a bigger concern for businesses that rely on the Android platform, as they would need to ensure their customers are protected against potential attacks.

Nevertheless, Sumit gave the assurance that it’s not a lost battle and there are ways to stop this growing menace. “Using next generation technologies of endpoint protection, you can stop it (cryptomining malware) on the phone. In Sophos we call it Sophos Mobile Security. Even before you download an app onto the phone, we actually do a scan to see if it’s got malware hidden inside, and then we stop that. But even if we missed it, we will detect it if it’s starting to use the resources or certain files,” he said.
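The two behaviours described above, a miner that waits until the phone is charging and idle, and endpoint protection that catches an app once it starts consuming resources, can be illustrated with a small detection heuristic. The following is an added example written for this article; it is not Sophos code and does not represent how Sophos Mobile Security works. It assumes a hypothetical per-app telemetry collector that reports CPU share, charging state and screen state once a minute, and flags any app whose CPU use stays high across a run of idle-and-charging samples. The package names and the telemetry are constructed for the example.

```python
"""Heuristic for spotting charging-gated, covert CPU use on an Android device.

Added illustration (not Sophos code): a cryptominer that waits until the phone
is charging and idle shows up as sustained per-app CPU load while the screen
is off.  We scan constructed per-app telemetry samples and flag apps whose
CPU use stays high across a window of idle-and-charging minutes.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    """One telemetry reading for one app (hypothetical collector format)."""
    minute: int        # minutes since collection started
    package: str       # app package name
    cpu_pct: float     # CPU share used by the app over the last minute
    charging: bool     # device is on the charger
    screen_on: bool    # screen lit, i.e. the user is probably looking


def idle_on_charger(s: Sample) -> bool:
    """The 'nobody is looking' state a charging-gated miner waits for."""
    return s.charging and not s.screen_on


def find_covert_miners(samples, cpu_threshold=60.0, min_consecutive=5):
    """Return {package: longest run of idle-charging minutes at or above
    cpu_threshold} for every app whose run reaches min_consecutive.

    Thresholds are assumptions chosen for the example; a real product would
    tune them and correlate with other signals (network, battery drain)."""
    by_app = defaultdict(list)
    for s in sorted(samples, key=lambda s: s.minute):
        by_app[s.package].append(s)

    flagged = {}
    for pkg, readings in by_app.items():
        run = best = 0
        for s in readings:
            if idle_on_charger(s) and s.cpu_pct >= cpu_threshold:
                run += 1
                best = max(best, run)
            else:
                run = 0   # any non-idle or low-CPU minute breaks the run
        if best >= min_consecutive:
            flagged[pkg] = best
    return flagged


def build_sample_telemetry():
    """Constructed sample data for three apps over 20 minutes (not captures)."""
    rows = []
    for m in range(20):
        charging = m >= 4          # phone plugged in at minute 4
        screen_on = m < 10         # user stops using the phone at minute 10
        # hypothetical miner: burns CPU only while charging with screen off
        miner_cpu = 85.0 if (charging and not screen_on) else 1.0
        rows.append(Sample(m, "com.example.wallpaper", miner_cpu, charging, screen_on))
        # video player: heavy while the user watches, quiet afterwards
        player_cpu = 70.0 if screen_on else 0.5
        rows.append(Sample(m, "com.example.player", player_cpu, charging, screen_on))
        # sync job: short legitimate burst at minutes 12-13 while idle and charging
        sync_cpu = 75.0 if m in (12, 13) else 2.0
        rows.append(Sample(m, "com.example.sync", sync_cpu, charging, screen_on))
    return rows


if __name__ == "__main__":
    for pkg, minutes in find_covert_miners(build_sample_telemetry()).items():
        print(f"{pkg}: {minutes} consecutive idle-charging minutes of high CPU")
```

Running the example flags only the constructed wallpaper app, because the video player is busy only while the screen is on and the sync job's burst is too short to reach the run length. The point of the run-length requirement is exactly the trade-off Sumit describes later: a detector that fires on any single busy minute would catch the miner but also drown the user in false positives.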

One of the next generation technologies that Sumit singled out was deep learning, which Sophos has introduced into its product. Deep learning is a subset of machine learning in which multi-layered artificial neural networks are used to achieve better results. Sumit explained, “What we’ve seen in the marketplace is a lot of players out there who are also claiming to have AI, but ours is unique because we’re using deep learning, which allows us to use larger sets of sample data to make it become more predictive. So, we can train and test our security engine, and we can predictively stop yet unseen threats in the next six weeks.”

What that translates into is very high accuracy and low false positives. He gave the example that a typical machine learning engine in security would produce one false positive in 100 samples, whereas with deep learning it is one in 10,000, which makes a huge difference.

He concluded by saying that although it’s great to have all these technologies, properly educating and training users on cybersecurity can tremendously help lessen the chances of an enterprise becoming a victim of cybercrime. At the end of the day, “it’s the people clicking on phishing emails that can cause this issue. The people piece is very, very important. Because no matter how many technologies you implement, if someone clicks on a bad URL, you’re going to get hit [by malware].”
