Google has banned entirely from its official Google Play Store the apps that mine cryptocurrency.
This was done quietly via an update of its developer policy page with the following statement:
We don’t allow apps that mine cryptocurrency on devices. We permit apps that remotely manage the mining of cryptocurrency.
The move mirrors the one made by Apple, which banned cryptocurrency miners from its stores in June. It also follows other measures made by Google to stop cryptocurrency mining programs being delivered via its products and services. Remember that in April, Google banned cryptocurrency mining extensions for its Chrome browser from the Chrome store.
This kind of actions may stop crypto mining but It is less likely to stop crypto jacking, where apps deliver a legitimate service but also do some crypto mining on the side without the user’s explicit consent.
To stay away from such threats, we recommend the install of antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your device is running.
If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests; they are essential because an infection that uses malware coin miners is hazardous for every company.
We also found a 600% increase in overall IoT attacks in 2017; this means that hackers can exploit the connected nature of these devices to mine en masse.
Crypto jacking has been a growing problem in Android apps. In April, researchers discovered that users had downloaded various Play Store apps that secretly mined for cryptocurrency more than 100,000 times.
Usually, crypto jacking malware is delivered under the radar because the apps download their malicious code after the user has installed them.
The search giant has also had to clean up its own YouTube network after it found the ads delivered via the Google-owned DoubleClick advertising service were turning viewers into cryptocurrency miners without their knowledge or consent.
This new ban is a good thing because consequences for mining on a phone can be more severe than on a PC. For example, the Loapi malware, which mined for cryptocurrency without the user’s consent, wrecked a phone in 48 hours by overloading its processor so much that the battery swelled up and burst the phone’s case.
This ban will make the anti-crypto jacking stance official, but it will also hit crypto mining apps, which allow users to willingly use their phone power to mine apps. Several well-known mining apps were still available on the Google Play store at the time of writing, including Pocket Miner, AA Miner, and NeoNeonMiner; which is not uncommon because it took Google two months to get rid of all the mining extensions from the Chrome store.
Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running,
If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.