Android Apps Infected with Cryptocoin Malware Mining Code

Infected Cryptocoin Mining

Over a million Android smartphones have been infected with Cryptocoin mining software without the immediate knowledge of the owner. Downloaded apps off of Google Play store quietly install the malware.

Researchers at Trend Micro security claimed to have found at least two different apps on the Google Play store which contain the malware. The identified apps are ‘Songs’ and ‘Prized’.

The apps contain a code which join the phone to the cryptocoin-mining pool.  Each app received between 1 and 5 million downloads, resulting in up to 10 million infected phones.

After selecting to download one of the apps, a request to run the mining software appears in the terms of service and conditions. The majority of users who download apps never read the conditions, and select ‘OK’ without realizing what it is they just accepted to.

Trend Micro discovered a bitcoin mining code hidden outside of Google Play, in versions of Football Manager Handheld and TuneIn Radio. Trend Micro further explains in their blog post:

“The miner is started as a background service once it detects that the affected device is connected to the Internet. By default, it launches the CPU miner to connect to a dynamic domain, which then redirects to an anonymous Dogecoin mining pool.”

This type of forced mining leads to rapid draining of a phone’s battery life, leading users to charge their phones more often.

Coinkrypt Malware

According to a mobile security company, Android phones that are used for mining digital currencies are prone to overheating due to a malicious software program.

This Coinkrypt malware isn’t too far spread, and is mostly spoken about on Spanish-language forums. The forums discuss pirated software, says Marc Rogers, principal security researcher for Lookout Mobile Security.

Rather than stealing information, the malware mines digital currency with participating peer-to-peer networks, verifying transactions using a cryptographic proof system.

Coinkrypt functions with digital coins such as litecoin, dogecoin and casinocoin, but not bitcoin. Since coins other than bitcoin are much easier to mine, mining for them “might yield more coins with less work,” says Rogers. However, the process is still a lot for a mobile phone to handle.

Coinkrypt’s basic nature is meant to make digital currency mining as simple as possible when leaching off of a users phone. Rogers wrote:

“Mining can be incredibly resource-intensive and, if allowed to run without any limits, could potentially damage hardware by causing it to overheat and even burn out. Users affected by this malware will find their phones getting warm and their battery-life massively shortened.”

Another downside to the Coinkrypt malware is that uploading large files to BlockChain can take up too much of a phone’s memory and data.

The amount of coins earned by miners may not be worth the effort and downsides of the malware. One Lookout Mobile analyst reported that it took seven days to mine for $0.20 worth of litecoin. Rogers added:

“Despite the fact that this malware author was likely targeting the lower hanging digital currency fruit, mining likely isn’t worth the return on investment for this malware.” 

For more bitcoin news, stay tuned to CoinReport.

Featured Image