New Cryptomining Malware Is On Its Way To The USA
By: Jim Stickley and Tina Davis
February 17, 2019
There’s a new malware out there called HiddenMiner. It hacks unsuspecting smartphone users and steals their battery power. The malware often ends up destroying devices by sapping every bit of energy from a smartphone battery. It overheats either the battery or the device – whichever goes first. Experts say the initial hacks were mostly in China and India, but there’s every reason to believe the malware is on the move. They believe the USA is the next fertile ground for HiddenMiner’s expanding worldwide crusade.
The HiddenMiner malware works in the background of a smartphone, first infecting it and then escaping detection until it’s too late. It’s used to cryptomine, which needs a significant amount of power to mine Bitcoin or other cryptocurrencies successfully. Cryptomining is the digital version of gold mining. The process produces actual cryptocurrency, which can then be used to purchase goods as an alternative to traditional currencies. It is a very costly process, so most people do not take it on, but the costs do go down significantly if you are using thousands of smartphones to do the work for you. HiddenMiner targets Monero, a type of cryptocurrency that continues to rise in value on the cryptocurrency market.
The highly successful HiddenMiner malware currently affects only Android devices, needing access to the administrator account to function. Hackers are currently using a fake Google Play Store app update with the URL com.android.sesupdate. But beware! From there, it sneaks into smartphones via infected third-party apps and those affected likely won’t even know it’s there…until later. It runs in the background, completely invisible and unknown to the device owner. It continues to mine Monero until the device is useless to HiddenMiner. By that time, the smartphone is useless to the owner as well. With over 200 million smartphone users in the US, it’s no wonder HiddenMiner is on its way here.
When downloading applications or software for any device, be sure to thoroughly research them. Read the reviews, ask others if they have had experience with the product and how it was, and even do some general internet searching to read what’s up with it. If you feel comfortable after doing that, you can feel better about installing it.
Also, don’t sideload applications. Stick to the official app stores. While it’s not out of the question that malicious programs make it into those places, the risk is lower than grabbing them off other locations.
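The sideloading advice above can be checked on a device you own. This is an added example, not code from the article: it parses the output of `adb shell pm list packages -3 -i` and flags apps that did not come from the Play Store, along with the identifier the article reports (which has the form of an Android package name). The sample listing and the trusted-installer set are constructed assumptions.

```python
import re

# Identifier the article gives for the fake Google Play update app.
REPORTED_IDS = {"com.android.sesupdate"}
# Assumption: installers treated as official app stores for this audit.
TRUSTED_INSTALLERS = {"com.android.vending"}

# One line of `pm list packages -3 -i`: package:<name>  installer=<name|null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")


def audit_packages(listing):
    """Return [(package, [reasons])] for third-party apps worth reviewing."""
    findings = []
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or unexpected lines
        pkg, inst = m.group("pkg"), m.group("inst")
        sideloaded = inst not in TRUSTED_INSTALLERS
        reasons = []
        if pkg in REPORTED_IDS:
            reasons.append("identifier reported for HiddenMiner")
        if sideloaded:
            reasons.append("not installed by a trusted store (installer=%s)" % inst)
        # A user-installed app using a platform-style namespace is a
        # common disguise for a fake "system update".
        if sideloaded and pkg.startswith(("com.android.", "com.google.")):
            reasons.append("platform-style name on a sideloaded app")
        if reasons:
            findings.append((pkg, reasons))
    return findings


# Constructed sample of `adb shell pm list packages -3 -i` output.
SAMPLE = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.android.sesupdate  installer=null
"""

if __name__ == "__main__":
    for pkg, reasons in audit_packages(SAMPLE):
        print(pkg, "->", "; ".join(reasons))
```

A flagged entry is a prompt to review the app, not proof of infection; legitimate sideloaded apps will also appear.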
This type of malware was first detected in 2015 after the Loapi virus was exposed as the first “untethered” malware. HiddenMiner is an improvement on Loapi’s approach to cryptomining hacks. These types of malware remotely gain access to a smartphone owner’s account and immediately begin mining. In the past, a miner needed to provide its own power source for cryptomining – often at an expense and inconvenience for the miner. Untethered malware attacks like HiddenMiner don’t use their own power sources to mine, but they will gladly use and deplete yours!