A new strain of Android malware[1] will continuously use an infected device's CPU to mine the Monero cryptocurrency until the device is exhausted or even breaks down.
Security company Trend Micro has named the malware 'HiddenMiner[2]' because of the techniques it uses to protect itself from discovery and removal.
Like most cryptocurrency mining software, HiddenMiner uses the device's CPU power to mine Monero. But Trend Micro said that because there is no switch, controller or optimizer in HiddenMiner's code it will continuously mine Monero until the device's resources are exhausted.
"Given HiddenMiner's nature, it could cause the affected device to overheat and potentially fail," the company said.
If the researchers' concerns are correct, this is not the first crypto-mining malware to put your smartphone at risk: last year the Loapi[3] Android malware worked a phone so hard that its battery swelled up and burst open the device's back cover, wrecking the handset within 48 hours.
Trend Micro said the two pieces of malware share similarities, noting that Loapi's technique of locking the screen after revoking device administration permissions is analogous to HiddenMiner's.
Researchers at the company identified the Monero mining pools and wallets connected to the malware, and spotted that one of its operators withdrew 26 XMR -- around $5,360 -- from one of the wallets. This, they said, indicates a "rather active" campaign of using infected devices to mine cryptocurrency.
HiddenMiner poses as a legitimate Google Play update app, and forces users to activate it as a device administrator. It will persistently pop up until victims click the Activate button; once granted permission, HiddenMiner will start mining Monero in the background.
It also attempts to hide itself on infected