HiddenMiner is an Android cryptocurrency-mining malware that poses as a legitimate Google Play update app. It uses infected devices to mine the Monero cryptocurrency until it uses up all of the device's resources and it eventually breaks. Sharing similarities with the Loapi Android malware, HiddenMiner forces the victim to activate the legitimate Google Play app as a device administrator, and once accepted, will start mining Monero in the background. The malicious app will attempt to hide itself on the infected device by using a transparent app icon and hiding the app from the app launcher. Since infected app having administrator privileges, it is very difficult for the user to remove of the malicious app; the user is required to remove administrator privileges first. HiddenMiner combats this by locking the devices screen when the user attempts the deactivation.

Reporting and Technical Details

  • March 2018: Monero-Mining HiddenMiner Android Malware Can Potentially Cause Device Failure. (Trend Micro)