Android Cryptojacker Masquerades as Banking App to Mine Cryptocurrency on Locked Devices
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A new Android malware campaign has been discovered in which the malware disguises itself as a banking app to covertly mine cryptocurrency on locked devices. The malware, distributed through a phishing website impersonating Axis Bank, downloads and executes a modified version of XMRig, a popular cryptocurrency miner. It monitors the device's lock state and battery level, starting mining when the device is locked and stopping when it is unlocked. This stealthy approach allows for persistent mining, leading to excessive heat generation, battery drain, and potential hardware damage. The malware uses multiple hosting platforms to distribute its payload and connects to specific mining pools. Its impact on devices includes high CPU and memory usage, significant temperature increases, and overall performance degradation.
OPENCTI LABELS:
phishing,banking,android,cryptojacking,xmrig,monero,device-lock,battery-drain,overheating,android.dminer.a