Hackers are using Google Play Store apps to secretly mine cryptocurrency on your Android phone

19 Android apps that secretly mine the cryptocurrency Monero were recently discovered in the Google Play Store, according to security company Sophos.

Hackers are using Google Play Store apps to secretly mine cryptocurrency on your Android phone

The security firm has published a 13-page report, highlighting that it found apps containing “embedded CoinHive-based miners” in Google’s app store at the start of 2018.

One of the apps, Algorithms Data Structures C Beginner Tutorial App, was installed somewhere between 10,000 and 50,000 times before it was removed by Google.

READ NEXT: Is your computer secretly mining crypto?

Because the malicious “CoinHive” code is well hidden, criminals can use it to mine Monero on users’ devices without them having any idea that it’s happening. The only clue is that their device might slow down and become warm, because of the strain on the CPU. However, in some cases the hackers employ CPU throttling to prevent heating up of the device and conceal its presence.

The researchers found the malicious JavaScript code was typically hidden in an HTML file in the app’s ‘assets’ folder. The apps would then run these scripts in a hidden web browser within the app in order to mine Monero.

The Sophos report also identifies another new way cryptocurrency is mined on Android devices, using “third-party mining modules” such as CoinMiner. Researchers found these modules in tampered versions of popular applications on third-party websites, but also in some apps on the Google Play Store. These have since been removed by Google.

“The rise of CoinHive and CoinMiner comes after the recent discovery of Loapi, which masquerades as popular antivirus apps or an adult content app,” the report explains. “It downloads and installs several modules, each of which perform a different malicious action such as sending device information to a remote server, stealing SMS, fetching advertisements, crawling webpages, creating a proxy and mining Monero.”


Sophos’ report follows Malwarebytes recent discovery of malware that can mine cryptocurrency on Android devices without any apps even being installed. The security company found a number of websites that could mine Monero providing a user successfully filled in a CAPTCHA.

To avoid falling victim to crypto mining, Sophos recommends avoiding installing apps from third-party app stores and, because some malware evidently manages to slip through the net on the Play Store, it also advises installing its own Mobile Security app for extra protection.

Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.

Todays Highlights
How to See Google Search History
how to download photos from google photos