Kids games latest target for Google Play cryptominers as profits fall

Despite Google’s efforts, cryptojacking code is still being found in mobile games.

Educating your children about the dangers of the internet is one thing. Telling them that the apps they download on their tablets or phones are the subject of rapidly growing interest from cryptocurrency miners? A whole different kettle of fish.

A recent report from Sophos Labs found that at least 25 Android apps on the official Google Play store contain Coinhive, a JavaScript cryptojacking script that mines Monero (XMR) in the background.

Among the infected apps are children’s games A Paintbox for Kids, TapBugs and Domino Games, alongside Gadgetium educational apps for the LSAT and SAT exams.

While Google officially banned cryptominers from the Play Store in July, the threat is ever-increasing, analysts say. The most frequently discovered is XMRig, an open source CPU miner that can produce XMR, Bitcoin and Ethereum.

The code is simple to implement as it is only a few lines long, say Sophos Labs.

“Monero has been the authors’ choice of cryptocurrency for all these apps as it offers sufficient privacy to keep the source, destination, and the amount mined hidden,” writes Sophos analyst Pankaj Kohli.

Cryptominers are also becoming harder to detect manually as they become more sophisticated.

“These apps use CPU throttling to limit CPU usage by mining and thus avoid the usual pitfalls: device overheating, high battery drain and overall device sluggishness,” Kohli concluded.

Malicious cryptomining has spiked in the past 12 months, mostly driven by decreased mining profits for the major cryptocurrencies and a desperate search for cheap processing power.

Researchers found that 85% of illicit cryptocurrency malware mines XMR, with 8% targeting Bitcoin. Now we know it is unsuspecting underage marks that are making up the margins.

Tools leaked from the US National Security Agency – which include EternalBlue, blamed for the North Korea-sponsored WannaCry ransomware attack of 2017 – have fuelled a surge in this type of malware operation. The US Secret Service has already called for new US legislation against Monero and cryptomixing operations like ZCash, because of the difficulties they pose for anti-money-laundering investigators.

The Cyber Threat Alliance (CTA), an international group of cybersecurity firms and professionals, detected a 459% increase in cryptomining in the past 12 months. “Activity has gone from a virtually non-existent issue to one that universally shows up at the top of our members’ threat lists,” said Neil Jenkins, chief analytic officer for the CTA.