19 Mar 2018 · 1 min read

Monero Cryptominers Use Google Play and Picture of Scarlett Johansson

While malicious cryptominers are nothing new on the internet, it is still possible to be surprised by the ways people are hiding them.

This infected image has been deleted. Source: Imperva

Imperva, an American provider of data and application security solutions, identified a new but unusually distributed Monero cryptominer scam campaign involving the face of American actress and singer Scarlett Johansson, according to the company's blog post.

These researchers believe that the malware was embedded into the photo as a way to deceive security products, since the technique of appending binary code, which was used to hide the miner, to authentic image files or documents can mutate the file, which can then bypass most anti-virus software.

"The attackers wanted to download their latest piece of malicious code, so they hosted it as an image in imagehousing.com, a legit place to host and share your images freely," the researchers said.

When the picture was scanned at the VirusTotal service, just three anti-virus programs detected the file as malicious. When the embedded crypto-mining program was individually scanned, then 18 anti-virus programs detected it, according to the company.

Cryptominers embedded in apps are not a rarity either. Only recently, an Apple-approved calendar app was found to be mining crypto for its developers in lieu of people paying for its premium features.

Two new ones were found by a cybersecurity firm Avast on Google Play app store, called SP Browser and Mr. MineRusher. The apps are said to have a combined subscriber base in the thousands. According to the company, the mobile mining process begins once a user downloads the application and opens it, without needing to make any further action.

However, in the blog post, Avast also said that these developers don’t really gain all that much because “cryptomining campaigns require large-scale computing power in order to generate enough coins for a profitable return on investment. Unlike desktop computers, mobile devices lack the computing power for an attacker to make any substantial monetary gain.”