
RiskIQ Report: Cyber Gangsters Using Mobile Malware to Mine Cryptocurrency on Devices

Nation-state cyber gangsters are increasingly using malicious mobile apps to opportunistically mine cryptocurrency on user devices, RiskIQ said in a new report.

Findings from RiskIQ’s Q1 2018 Mobile Threat Landscape show that threat actors are reaping paydays by taking advantage of the popularity and volatility of the cryptocurrency landscape. In March, an app called Calendar 2 in Apple’s App Store began mining Monero digital currency on user devices, RiskIQ said. Even though the app disclosed this feature, the developers set mining as the default option. Bugs that kept the app mining even after users opted out led the developer to pull the app from the store after a short period, RiskIQ said.

That wasn’t all that went on in Q1. RiskIQ issued an alert warning of blacklisted apps masquerading as or associating themselves with Bitcoin exchanges, Bitcoin wallets, or cryptocurrency in general. It’s an indication of the growing popularity of digital currencies and their potential as an income source for crooks and legitimate businesses, the mobile malware watchdog said.

Here’s more data from the Q1 report:

  • The number of malicious mobile apps in online stores continued to decline, despite a rise in the number of total apps over the last four quarters. In Q1, 21,948, or 1.4 percent of the total of 1.5 million newly observed apps, were blacklisted, a lower percentage than in the previous four quarters.
  • The number of blacklisted feral apps declined for the fourth straight quarter, from 3,507 in Q4 2017 to 1,981 in Q1 2018. About 46 percent of feral apps were blacklisted in Q1 2018.
  • Google hosted 8,287 blacklisted apps in Q1, which is consistent with previous quarters and outpaces the next most blacklisted store, AndroidAPKDescargar, by 4,595 such apps.
  • 86 percent of apps blacklisted in Q1 claimed the READ_SMS permission, which allows the app to read messages, skirt two-factor authentication, track location, read and write to the call log, generate alert windows, change settings and other requests. Among apps blacklisted in the Google Play Store, 1,207 access the phone's camera, nearly 800 of which also record location data and about 600 record audio.

In RiskIQ’s Q4 2017 report, it said the number of blacklisted apps had shrunk by 37 percent from the prior period but still featured major threats such as brand imitation, phishing, and malware. New bugs, such as a bankbot network preying on cryptocurrency customers, also appeared on the scene.

And, in its Q3 2017 report, RiskIQ said the volume of malicious apps for mobile platforms continued to assault the market, including brand imitation and trojan apps in official vendor stores and the WireX botnet attacks.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.