# Dissecting Android Cryptocurrency Miners

**Authors:** Stanislav Dashevskyi, Yury Zhauniarovich, Olga Gadyatskaya, Aleksandr, Pilgun, Hamza Ouhssain

arXiv: 1905.02602 · 2020-02-25

## TL;DR

This paper analyzes Android cryptocurrency miners, identifying their characteristics, development libraries, and static features, and introduces BrenntDroid, a machine learning tool that detects miners with 95% accuracy.

## Contribution

It provides a comprehensive analysis of Android miners and develops BrenntDroid, a dynamic detection tool that outperforms static analysis methods.

## Key findings

- Majority of miners are considered malicious by VirusTotal
- Static features alone are insufficient for detection
- BrenntDroid achieves 95% detection accuracy

## Abstract

Cryptojacking applications pose a serious threat to mobile devices. Due to the extensive computations, they deplete the battery fast and can even damage the device. In this work we make a step towards combating this threat. We collected and manually verified a large dataset of Android mining apps. In this paper, we analyze the gathered miners and identify how they work, what are the most popular libraries and APIs used to facilitate their development, and what static features are typical for this class of applications. Further, we analyzed our dataset using VirusTotal. The majority of our samples is considered malicious by at least one VirusTotal scanner, but 16 apps are not detected by any engine; and at least 5 apks were not seen previously by the service.   Mining code could be obfuscated or fetched at runtime, and there are many confusing miner-related apps that actually do not mine. Thus, static features alone are not sufficient for miner detection. We have collected a feature set of dynamic metrics both for miners and unrelated benign apps, and built a machine learning-based tool for dynamic detection. Our BrenntDroid tool is able to detect miners with 95% of accuracy on our dataset.   This preprint is a technical report accompanying the paper "Dissecting Android Cryptocurrency Miners" published in ACM CODASPY 2020.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.02602/full.md

## Figures

16 figures with captions in the complete paper: https://tomesphere.com/paper/1905.02602/full.md

## References

48 references — full list in the complete paper: https://tomesphere.com/paper/1905.02602/full.md

---
Source: https://tomesphere.com/paper/1905.02602