Google, Apple Put Protections in Place Against Malicious Cryptocurrency Mining Software

Google is following rival Apple in banning cryptocurrency mining software apps from its online Play Store at a time when cryptomining malware is becoming an increasingly popular way for bad actors build up their profits.

Google officials recently updated the Play Store developer policies to include the line, “We don’t allow apps that mine cryptocurrency on devices.” There have been myriad cryptomining apps--including Crypto Miner, NeoNeonMiner and MinerGate--available from the Google app store. 

The move follows a similar one by Google in April, when it banned Chrome browser cryptomining extensions that mined cryptocurrencies without the consent of users. Apple made a similar move in June, banning such cryptocurrency mining software from its iOS-based App Store. Google, however, still allows apps that manage cryptominers, including cloud-based systems. 

The bans come as cybercriminals increasingly target user and corporate compute systems--everything from smartphones and PCs to servers--to steal CPU power to mine cryptocurrencies like Bitcoin, Ethereum and Monero. Cryptomining requires a significant amount of compute power to run the algorithms and mathematical calculations, and thus earn tokens or pieces of tokens. Bad actors use malware to infect systems and use their compute power to mine cryptocurrencies.

A range of cybersecurity vendors--including McAfee, Cisco Talos, Check Point, Proofpoint and Guardicore--has found that cryptomining has overtaken ransomware as the key threat from cybercriminals. Cryptomining malware is less "noisy" than malware such as ransomware, which encrypts data and demands a ransom be paid--announcing its presence and requiring action by other people. Cryptomining malware, in contrast, can be difficult to detect given that it runs in the background of the system. However, for smaller systems like smartphones, such malware can have a visible effect on performance and response.

Initial cryptomining malware tended to target consumer PCs and other devices. However, cybercriminals increasingly are taking aim at larger commercial systems like services and corporate networks to increase the compute power at their disposable and reap larger profits from the illicit mining.

Mining for cryptocurrencies is not a crime; plenty of people do it legally, though it can be a complicated process. However, stealing the compute power from someone else’s system is against the law, and the bans on cryptomining apps by Google and Apple appear to be a way of protecting their users, according to Fernando Montenegro, senior analyst for information security at 451 Research.

“This is a helpful move by the app stores, helping to protect users against potentially unscrupulous behavior by what I assume to be a minority of developers,” Montenegro told ITPro Today in an email. “The vast majority of users just wants to get stuff done, and is unlikely to delve into the details about the applications they’re downloading. Cryptomining can be done with no visible to signs to the user other than a general slowdown, so it’s difficult to detect. Adding a ban on the app store terms makes it both clear that the practice is not allowed, and gives the app store an easier justification to ban infractions.”

The analyst compared the cryptomining app ban to protections given to consumers against predatory lenders, adding that “the terms imposed by the app stores aim at protecting users from scenarios where they end up with additional load on their devices without a clear understanding that they did so.”

Like Google, Apple bans apps that mine for virtual currencies unless the processing is done somewhere else than the device, such as a cloud-based system.

The vendors “seem to be taking the position that the potential for exploiting user behavior via cryptomining is something they’re in a position to protect against,” Montenegro said. “We need to keep in mind that it’s never a perfect system: I’m sure there are scenarios where someone can legitimately claim they understand the details and want to do cryptomining in their devices, but what the app stores are doing seems sensible and pragmatic to me.”

Growing interest among the general population to make money through mining cryptocurrencies is driving the development of cloud-based mining-as-a-service (MaaS) offerings. One example is a year-old startup called Argo, which allows people to mine virtual currencies without having to pay thousands of dollars to buy and manage computers. Instead, it’s a subscription service, with the compute-intensive work being done on systems in Argo’s data center.