Drive-by mining, in which a user’s PC is used to mine cryptocurrency without their knowledge, has a new attack vector, according to Kaspersky Lab.

We’ve seen cryptocurrency mining scripts used on websites before, but today we’ve learned that cyber criminals are moving towards smartphones.

“The experts at Kaspersky Lab found evidence showing that criminals are adding mining capacities into legitimate applications and spreading them under the guise of football broadcasting and VPN applications – with Brazil and Ukraine as the main victims,” said Kaspersky Lab in a statement.

Researchers at the cyber security company say that football applications are the most popular type of app hiding cryptocurrency mining malware. These apps allow users to stream football games while silently using compute power to mine Monero.

Kaspersky Lab says the malware it has seen uses the Coinhive JavaScript miner.

“When users launch the broadcast, the application opens an HTML file with the JavaScript miner embedded, converting visitors’ CPU power to the Monero cryptocurrency for its author’s benefit,” said the firm.

The most popular of these apps was downloaded 100 000 times.

VPN apps are also being used to hide mining malware. One application, Vilny.net, is said to have contained malware and was downloaded 50 000 times, mostly by users in Russia and Ukraine.

As with PCs, a good security solution for your smartphone is vital, as is disabling the ability to install applications from a third party on Android.

While many users side-load apps, this creates a hole through which cybercriminals can sneak malware onto a device without having to go through the Google Play Store.
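A side-loaded package can be checked for the pattern Kaspersky Lab describes, an HTML asset carrying the Coinhive JavaScript miner, before it is installed. The Python below is an added example, not code from Kaspersky Lab or this article; the indicator strings (the `coinhive.min.js` script name and the `CoinHive.*` constructors) are assumptions about how the miner appears in the asset, and the sample APK is constructed in memory.

```python
import io
import re
import zipfile

# Assumed indicators for the Coinhive miner: its script name and JS API objects.
# This only catches plain-text references; obfuscated copies need other checks.
COINHIVE_PATTERNS = [
    re.compile(rb"coinhive(\.min)?\.js", re.I),
    re.compile(rb"CoinHive\.(Anonymous|User|Token)\s*\("),
]
WEB_ASSET_SUFFIXES = (".html", ".htm", ".js")


def scan_apk(apk):
    """Return {asset path: [matched indicators]} for an APK path or file object."""
    findings = {}
    with zipfile.ZipFile(apk) as zf:  # an APK is a zip archive
        for info in zf.infolist():
            if not info.filename.lower().endswith(WEB_ASSET_SUFFIXES):
                continue
            data = zf.read(info)
            hits = sorted({m.group(0).decode("ascii", "replace")
                           for p in COINHIVE_PATTERNS for m in p.finditer(data)})
            if hits:
                findings[info.filename] = hits
    return findings


def build_sample_apk():
    """Constructed sample: a zip laid out like an APK, one flagged page, one clean."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", "<manifest/>")
        zf.writestr("assets/player.html",
                    '<script src="coinhive.min.js"></script>'
                    "<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script>")
        zf.writestr("assets/about.html", "<h1>About this app</h1>")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, hits in scan_apk(build_sample_apk()).items():
        print(f"{path}: {', '.join(hits)}")
```

`scan_apk` also accepts a file path, so it can be pointed at a downloaded `.apk` directly.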

 
