Mobile software found on Google's Play Store, the official application marketplace, contains malware that could infect Android devices and clandestinely mine cryptocurrency.
Cybersecurity researchers from Trend Micro said Monday (30 October) that two malware strains – dubbed JsMiner and CpuMiner – were found in at least three applications. The affected software included a wallpaper provider, a religious prayer service and a wireless internet scanner.
It remains unclear how many downloads each app received, and experts are yet to determine how much money the criminals behind the scheme made.
While some details remain unknown, experts say it is unique for such malware to be targeting mobiles.
Cryptocurrency-mining malware typically works by hijacking a device's computing power in order to "mine" digital currency, in this case Monero.
Smartphones hit with the mining malware will show clear signs that something is wrong – including reduced battery functionality and slower performance.
"These threats highlight how even mobile devices can be used for cryptocurrency mining activities, even if, in practice, the effort results in an insignificant amount of profit," Trend Micro's mobile threat response team wrote in its analysis.
"Users should take note of any performance degradation on their devices after installing an app," it added. The malicious software has now been removed from the store by Google.
A lucrative business
"As cryptocurrencies have grown in popularity and value, cryptocurrency mining has turned into a lucrative business," said Chris Olson, CEO of web monitoring firm The Media Trust.
He continued: "However, it's also a resource-intensive business that drives the enslaving of hundreds or thousands of devices to access their computing power.
"This enslaving is typically accomplished by surreptitiously inserting code into popular services which, when accessed by a user, executes and downloads a file on the user device.
"Most users only notice when the device experiences unexpected behaviour, i.e., slow processing or activity when the device should be idle."
Coinhive, a popular piece of mining software, was recently found on The Pirate Bay. Yet it appears that cryptocurrency-focused malware is increasingly targeting smartphone users.
Last week, ESET, a Slovakian cybersecurity company, found two malicious applications on Google Play posing as a popular US cryptocurrency exchange called Poloniex. The malware, used to steal passwords and sensitive data, was reportedly downloaded thousands of times.