Android Cryptojacker Masquerades as Banking App to Mine Cryptocurrency on Locked Devices

July 18, 2025, 8:23 p.m.

Description

A new Android malware campaign has been discovered that disguises itself as a banking app to covertly mine cryptocurrency on locked devices. The malware, distributed through a phishing website impersonating Axis Bank, downloads and executes a modified version of XMRig, a popular cryptocurrency miner. It monitors the device's lock state and battery level, starting mining operations when the device is locked and stopping them when it is unlocked. This stealthy approach allows for persistent mining, leading to excessive heat generation, battery drain, and potential hardware damage. The malware uses multiple hosting platforms to distribute its payload and connects to specific mining pools. Its impact on devices includes high CPU and memory usage, significant temperature increases, and overall performance degradation.

Date

  • Created: July 18, 2025, 1:03 p.m.
  • Published: July 18, 2025, 1:03 p.m.
  • Modified: July 18, 2025, 8:23 p.m.

Indicators

  • 9e661480aa5cdd018b2bf93bb2834c9567d5cf95700dfce89ad93693f0bdb781

Additional Information

  • Finance