Android malware and web pages that harness users’ devices to mine cryptocurrency are not entirely new, but the newly discovered HiddenMiner revealed by TrendMicro is especially dangerous in that it will max out infected devices’ resources for mining Monero, potentially causing overheating and failure. TrendMicro traced the activities of one wallet address linked to the malware and found that it is extremely active as of this writing. The malware is similar in nature to the Loapi malware that made headlines last year in that it not only uses up devices’ resources with no optimization or limits, but once it has administrative privileges, it can lock users out of their devices if they try to revoke those privileges.
Thus far, apps infected with HiddenMiner have not been found on the Play Store, and the malware seems to be largely contained to India and China for the time being. Once a user installs an infected app, it constantly pesters the user for device administrator permissions. Once it has them, it can do just about anything with little restriction on older Android versions: it can not only mine until the device is too damaged to continue mining, but also lock the device when users try to revoke those permissions in order to uninstall the infected app. It should be noted that the vulnerability used here is the same as in Loapi, and it has been patched in Android 7.0 Nougat and up. The infected app also hides itself at first with an empty icon and label inside the app drawer, then makes those disappear once it has administrator privileges.
As with most of the more malevolent Android malware out there, users can avoid it by sticking to the Play Store for app downloads. This one was found on third-party app stores, which often have little to no security checking and allow users to upload any APK file they happen to have on hand. If you do get infected and are on an older Android version, the only recourse is a factory reset. Thankfully, devices on Nougat and up can simply revoke permissions and uninstall the app.
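The two behaviours the article describes, an app holding device administrator rights that did not come from the Play Store, are exactly what a quick triage of a suspect handset should surface before attempting the revoke-and-uninstall step. The script below is an added example written for this page, not code from TrendMicro or from the article: it parses the text of three `adb shell` commands (`dumpsys device_policy`, `pm list packages -i`, `pm list packages -s`) and flags every active device admin that is neither a system package nor installed by the Play Store. The sample outputs embedded here are constructed, the package names are invented, and the indentation layout of `dumpsys device_policy` is an assumption that varies between Android releases, so the regexes may need adjusting for a real device.

```python
"""Triage active device administrators on an Android handset.

Added example for this page; feed it the captured output of
  adb shell dumpsys device_policy
  adb shell pm list packages -i
  adb shell pm list packages -s
The three constants below are CONSTRUCTED samples so the script runs offline.
"""
import re

# Installers we treat as trustworthy; com.android.vending is the Play Store.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of `dumpsys device_policy`. The exact layout is an
# assumption; real output differs across Android versions.
DUMPSYS_DEVICE_POLICY = """\
Current Device Policy Manager state:
  Device Owner: null
  Profile Owner (User 0): null
  Enabled Device Admins (User 0, provisioningState: 0):
    com.android.settings/.DeviceAdminSample:
      uid=1000
      testOnlyAdmin=false
      policies:
        force-lock
    com.example.wallpaper.free/.AdminReceiver:
      uid=10234
      testOnlyAdmin=false
      policies:
        force-lock
        wipe-data
        reset-password
"""

# Constructed sample of `pm list packages -i` (package plus installer).
PM_LIST_PACKAGES_I = """\
package:com.android.settings  installer=null
package:com.example.wallpaper.free  installer=null
package:com.example.notes  installer=com.android.vending
"""

# Constructed sample of `pm list packages -s` (system packages only).
PM_LIST_PACKAGES_S = """\
package:com.android.settings
package:com.android.systemui
"""

# "    <package>/<receiver>:" lines name each active admin component.
ADMIN_RE = re.compile(r"^\s+([A-Za-z0-9_.]+)/([^\s:]+):\s*$")
PKG_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)")


def parse_device_admins(text):
    """Map package -> {receiver, policies} from dumpsys device_policy text."""
    admins, current, policy_indent = {}, None, None
    for line in text.splitlines():
        m = ADMIN_RE.match(line)
        if m:
            current = m.group(1)
            admins[current] = {"receiver": m.group(2), "policies": []}
            policy_indent = None
            continue
        if current is None or not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if line.strip() == "policies:":
            policy_indent = indent
        elif policy_indent is not None and indent > policy_indent:
            admins[current]["policies"].append(line.strip())  # nested policy name
        else:
            policy_indent = None  # back at the admin's own attribute level
    return admins


def parse_installers(text):
    """Map package -> installer string ("null" when sideloaded/unknown)."""
    return {m.group(1): m.group(2) for m in map(PKG_RE.match, text.splitlines()) if m}


def parse_packages(text):
    """Set of package names from a plain `pm list packages` listing."""
    return {l[len("package:"):].split()[0] for l in text.splitlines() if l.startswith("package:")}


def triage(dumpsys_text, installers_text, system_text):
    """Return one finding per active admin; 'suspect' marks non-system admins
    whose installer is not a trusted store."""
    installers = parse_installers(installers_text)
    system_pkgs = parse_packages(system_text)
    findings = []
    for pkg, info in parse_device_admins(dumpsys_text).items():
        installer = installers.get(pkg, "unknown")
        is_system = pkg in system_pkgs
        findings.append({
            "package": pkg,
            "receiver": info["receiver"],
            "policies": info["policies"],
            "installer": installer,
            "system": is_system,
            "suspect": (not is_system) and installer not in TRUSTED_INSTALLERS,
        })
    return findings


if __name__ == "__main__":
    for f in triage(DUMPSYS_DEVICE_POLICY, PM_LIST_PACKAGES_I, PM_LIST_PACKAGES_S):
        tag = "SUSPECT" if f["suspect"] else "ok"
        print(f"[{tag}] {f['package']}/{f['receiver']} installer={f['installer']} "
              f"policies={','.join(f['policies'])}")
```

A flagged entry that also holds `force-lock` and `wipe-data` matches the lock-out behaviour described above. Deactivate it under the device's device-admin settings before running `adb uninstall`, since the package manager refuses to remove a package while its admin receiver is still active.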