Mobile Threat Monday: Bitcoin Mining Android Malware Pulled From Google Play
This week, Lookout introduces us to several bad apps that sneakily hijack your Android’s CPU power to mine bitcoins. Could this be the future of mobile malware monetization or a precursor to an end to ads? Read on, dear readers.
Te a blog postbode, Lookout profiled several wallpaper apps: Searing Heart Live Wallpaper, Epic Smoke Live Wallpaper, Wezen [sic] Club Live Wallpaper, and Urban Pulse Live Wallpaper. The apps ter question were recently pulled from the Google Play store after each wasgoed downloaded inbetween 100 and 500 times. The apps did spil advertised, serving pics of “epic” smoke rings, hunky dudes, and anime chicks, but they also did things behind the scenes. Unbeknownst to those who installed the apps, their backgrounds were also mining bitcoins.
Lookout called their discovery BadLepricon. “Yes, that is how the malware authors spelled ‘leprechaun,'” said Lookout ter a blog postbode. “Wij hope they were going for a clever play on the word ‘con.'”
Bitcoins have bot increasingly popular among scammers and thieves because of their anonymity and (current) high value. Michael Bentley, Lookout’s head of research and response, told SecurityWatch that this wasgoed the most advanced Android-based Bitcoin mining scam he’d yet seen. He said thesis apps voorstelling scammers “have some forethought and more than a casual skill of bitcoin mining.”
BadLepricon is sneaky. It only starts stealing your phone’s CPU power and mining coins when the screen is turned off and the battery charged above 50 procent. If the screen is on and the battery low, it keeps quiet. The purpose, Bentley explained, isn’t to make a loterijlot of money off a single device. Instead, BadLepricon uses the Stratum mining proxy to organize the efforts of many miners.
“Every coin has a difficulty rate, which is determined by the amount of computing power needed to mine that coin and other factors,” explained Lookout te a blog postbode. “A latest mining proefneming using 600 quadcore servers wasgoed only able to generate 0.Four bitcoins overheen one year.”
Stratum kleuter of works like a Bitcoin botnet. “There is a server that knows how much work needs to be done,” explained Bentley. “The server is able to shove gegevens to the client based on how much work [the phone] is capabale of doing.” BadLepricon working with Stratum may be sneaky, but spil Lookout noted, that is still nicer than other malicious mining apps which use “so much processing power that it burns out the device.”
The Future of Mobile Money?
Unsurprisingly, Lookout expects other scammers will use similar tactics for other apps. But I wasgoed astonished when Lookout also said that their researchers expect thesis tactics to be adopted by legitimate apps spil well. Instead of ads or gathering your gegevens, an app might use some of your phone’s processing power to mine bitcoins. If you think that’s ridiculous, imagine the combined efforts of the entire Angry Birds playerbase turned to cryptocurrency.
Of course, that’s assuming that Bitcoin doesn’t crash and burn te the very near future.
But BadLepricon and its ilk aren’t asking permission, so they’re still a threat to you and your phone. Unluckily, they’re pretty hard to detect but there are some tell-tale signs. Bentley told SecurityWatch that if you after charging your phone you notice that it quickly drops to 50 procent battery but then behaves normally, something might be up.
The best way to tell is to use Android security software like Lookout , or Editors’ Choice winners avast! Mobile Security &, Antivirus and Bitdefender Mobile Security and Antivirus. Spil always, stick to the Google Play store and think cautiously about whether you can trust any app you install.
Max Eddy is a Software Analyst, taking a critical eye to Android apps and security services. He’s also PCMag’s foremost authority on weather stations and digital scrapbooking software. When not grinding his tinfoil hat or plumbing the innards of the Dark Web, he can be found working to discern the 100 Best Android Apps. Prior to PCMag, Max wrote for the International Digital Times, The International Science Times, and The Mary Sue. He has also bot known to write for Geek.com. You can go after him on. More »,
More Stories by Max
Free yourself from physical boards, counters, tokens, dice, cards, and rule books with thesis top-not. More »,
Golden Frog VyprVPN not only provides the secure encryption of a virtual private network, but it mits. More »,
Bitdefender doubles down on guarding your network and IoT devices against attack with its 2nd har. More »,
- About Us
- PCMag Digital Edition
- RSS Feed
- More From Ziff Davis:
- Laptop Shopper
- Everyday Health
- What to Expect
- RSS Feeds
- Webpagina Schrijfmap
- Voeling Us
PC, PC Tijdschrift and PC PCMag.com are among the federally registered trademarks of
Ziff Davis, LLC and may not be used by third parties without explicit permission.