306 Android apps harboring cryptocurrency malware
By Bob Garcia
The “CRYLOGGER” tool has identified rampant malware abuse among Android apps
Malware has always been a problem, but it is becoming a larger threat to mobile devices. They use the power of technological devices like computers and smartphones to mine cryptocurrency and also to obtain information that can be used to breach crypto accounts, and there’s never any shortage of problems being found. Specifically, for smartphones, a new tool created by US researchers can discover crypto bugs installed in Android apps, which has already helped developers from Columbia University discover a total of 306 cryptocurrency bugs in Android applications. This customer tool is called “CRYLOGGER” and it has been used already to test 1,780 Android apps from at least 33 different Google Play Store categories. The developers found all those bugs in the apps and, so far, none of them has been patched.
“Only 18 of 306 app developers replied to the research team and only eight engaged with the team after the first email,” the report said, quoting the researchers. “All the apps are popular: they have from hundreds of thousands of downloads to more than 100 million,” added the researchers. Some of those crypto bugs were found to be in the app’s code, while some others came as part of Java libraries, which are more common vulnerabilities.
“Since none of the developers fixed their apps and libraries, researchers refrained from publishing the names of the vulnerable apps and libraries, citing possible exploitation attempts against the apps’ users,” added the team. This new app can be used by Android developers as an addition to CryptoGuard, according to researchers. CRYLOGGER has been launched in the same way as CryptoGuard was, which means that it is available in the open-source repository GitHub.