Lookout, a popular security app on Google Play, has discovered five wallpaper apps that were secretly mining Bitcoin. The five apps carried a malware called BadLepricon which was one of the first times Lookout has ever seen a mobile specific Bitcoin mining malware. Google was alerted and the apps were removed quickly.
Bitcoin Mining Malware
Called BadLepricon, the Bitcoin mining malware secretly used a phone’s processing power to mine for bitcoins. According to a Lookout blogpost, the five wallpaper apps had around 100 to 500 downloads each before they were removed. However, if someone had Lookout app installed on their device, they were protected from the malware.
Last month, Lookout found CoinKrypt malware, which mined coins like Litecoin, Dogecoin, and Casinocoin. One probable reason for why these digital currencies were used is that they are less difficult to mine when compared to Bitcoin. However, a phone’s processing power doesn’t really amount to much on its own but hundreds or thousands of devices, collectively, can make for a small-nifty little miner. It says in the blogpost,
“BadLepricon uses a Stratum mining proxy, allowing the author to easily change mining pools or connections to Bitcoin wallets with ease.”
This allows the creator of the malware to be somewhat anonymous since it hides which wallet the bitcoins are going to.
Apps Worked Normally
Interestingly enough, the five wallpaper apps had nice pictures as was advertised. But, BadLepricon malware entered the scene where every five seconds it checked the battery level, internet connection, and phone display. This was done in order to make sure the phone didn’t burn out. Lookout explains,
“It does this almost as a courtesy to your phone. Miners, when left unchecked, can damage a phone by using so much processing power that it burns out the device.”
Apparently, BadLepricon creator(s) was nice enough to make sure that they only mine on their victims phones that were running at a battery level of over 50 percent. Thus, the Bitcoin mining malware hid itself nicely. The malware also used a feature called WakeLock that guarantees a phone will not sleep even if the display is off. This means that it was mining for Bitcoin even when the phone was not in use.
Lookout suggests users to make sure the Android setting “unknown sources” is left unchecked, and to download a mobile security app to protect against viruses, malware and other things out there to get you.