Trojan.AndroidOS.Coinge

Detect Date 05/11/2017
Class Trojan
Platform AndroidOS
Description

Applications of this family are often full working copies of well-known legitimate software that has been injected with functionality for mining cryptocurrency. Mining, which is CPU-intensive, occurs only when the phone is not in use. When the phone is unlocked, all traces of mining activity are wiped with the help of previously obtained superuser rights: mining stops and the files needed for it are deleted. When needed, the application downloads mining-related information from a server.

Geographical distribution of attacks by the Trojan.AndroidOS.Coinge family


Geographical distribution of attacks during the period from 11 May 2016 to 11 May 2017

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Russian Federation 22.62
2 India 11.08
3 Indonesia 5.08
4 Ukraine 4.21
5 Mexico 3.30
6 Algeria 3.07
7 Philippines 2.68
8 Vietnam 2.66
9 Spain 2.40
10 Nepal 2.19

* Percentage among all unique Kaspersky users worldwide attacked by this malware