SophosLabs claims to have identified at least 25 Android apps published on the official Google Play Store containing scripts that facilitate cryptojacking activities on users' computers.
In its report, the company noted that the apps in question were "downloaded and installed more than 120,000 times".
The report comes about two months after Google announced it will no longer allow apps that extract cryptocurrency on devices. According to SophosLabs, malicious malware was included in a variety of applications, from educational to gaming and utility applications.
Of the 25 apps, 22 were in possession of an implementation of the Coinhive code. The Coinhive script allows hackers to extract the coin focused on privacy, Monero (XMR), unbeknownst to the device user. Meanwhile, it was discovered that Lighton and Mobeleader hosted cryptographic scripts on their servers "allegedly to counter firewalls or parental / reputation control services that could block Coinhive's domain by default."
Another application called A Paintbox for Kids was also found with Xmrig, which has been described as an open source CPU miner that can extract not only XMR but also many other cryptocurrencies.
Source: SophosLabs
According to the SophosLabs report, apps containing cryptographic malware include Trance Droid from Happy Appys; Palkar of Palpostr.com; LHDS providers published by Taste of Life Group; Mobeleader by Abser Technologies; Helper for Knight Game by Evgeny Solovyov; and Dizi Fragmanları İzle from Oguzhan Kivrak.
The report also identified the Game Viet 2048 apps by Thanhtu Media, Afterlife: RPG Clicker CCG by Levius LLC, Dominoes Games by Fun Board Games, A Paintbox For Kids by Uwe, Tapbugs and Dreamspell by Riccotz, Info Guru Pendidikan by Cakrawala Pengetahuan and Lighton of Buyguard.
Meanwhile, 11 Gadgetium apps containing an HTML page with a Coinhive-based miner were also found. The apps were "preparatory apps for standardized tests provided in the United States, exams like ACT, GRE or SAT," according to SophosLabs.
Google blocked cryptocurrency activities that it considered harmful to customers. At the beginning of this year, Google has prohibited the advertising of cryptocurrencies and related products. During this period, other platforms like Facebook and Twitter have also banned cryptocurrency ads on their platforms. In April, some of Google's platforms like the Chrome Web Store banned cryptocurrency mining extensions.
Recently, it is reported that Google intends to mitigate its position on the cryptocurrency. Google has announced its intention to update its cryptographic ad policy, as part of its offer to work more closely with regulated institutions in the United States and Japan.