Google yanks two battery-sucking Bitcoin mining Android apps from Play store

Cryptocurrency-mining malware on mobile devices might not be produce superb comebacks, but they will harm your device.

By Liam Tung | March 28, 2014 — Ten:41 GMT (03:41 PDT) | Topic: Security

Researchers have found two popular apps ter Google Play that surreptitiously mine several cryptocurrencies for their makers, potentially over-heating devices and shortening their lifespan.

It’s not so surprising to hear of apps packing fresh malware for Android thesis days, especially when it comes to non-Google app stores, but it emerges some of them are now sneaking onto Google’s own Play store.

Tech Voor Research: Security

Mobile threat analyst Veo Zhang this week discovered two free Android apps on Google Play, called Songs and Prized, which display the same behaviour spil a fresh family of coin-mining malware found on third-party app stores. The malware ter question has bot designed to turn Android devices into miners for Bitcoin, Litecoin and Dogecoin.

Songs, the more popular of the two apps, has bot downloaded more than one million times, according to stats on Google Play. However, it shows up to have bot liquidated from the store today, after news of its coin-mining sideline broke. Prized also emerges to have bot eliminated.

Google declined to comment about the eliminated apps when asked by ZDNet.

Google however has liquidated apps ter the past for violating Google Play policies and one clause that would be relevant to the hidden mining software is its “dangerous products” clause: “Wij don’t permit content that harms, interferes with the operation of, or accesses te an unauthorized manner, networks, servers, or other infrastructure.”

Also, while there’s nothing wrong with mining software itself, it’s expected that developers are upfront about its behaviour and that the developers build up the user’s consent.

One feature that distinguished it from other mobile malware wasgoed that mining only occurs when the device is charging, since mining will cause the battery to drain rapidly. Prized and Songs — which is still available on App Brain — also include permissions to prevent the phone from going into sleep mode.

The mining code is based on a well-known chunk of legitimate mining software cpuminer.

However, spil noted by Zhang, whoever made the coin-mining malware very likely hadn’t thought through their project very well.

“Phones do not have sufficient spectacle to serve spil effective miners,” he noted. “Users will also quickly notice the odd behavior of the miners — slow charging and excessively hot phones will all be seen, making the miner’s presence not particularly stealthy. Yes, they can build up money this way, but at a glacial rhythm.”

Nonetheless, the related family of mining malware that has appeared on third-party app stores has had some success at mining Dogecoins, according to Zhang’s analysis.

For third-party markets, the malware authors re-packed popular apps like Football Manager Handheld and TuneIn Radio and hid the malware te by modifying the Google Mobile Ads portion of the app. Trend Micro has labelled the threat Kagecoin.HBT.

“The miner is began spil a background service once it detects that the affected device is connected to the internet. By default, it launches the CPU miner to connect to a dynamic domain, which then redirects to an anonymous Dogecoin mining pool,” Zhang said.

“By February 17, his network of mobile miners has earned him thousands of Dogecoins. After February 17, the cybercriminal switched mining pools. The malware is configured to download a verkeersopstopping, which contains the information necessary to update the configuration of the miner. This configuration verkeersopstopping wasgoed updated, and it now connects to the well-known WafflePool mining pool. The Bitcoins mined have bot paid out (ie, transferred to the cybercriminal’s wallet) several times.”

Unlike Bitcoin’s high exchange rate, Dogecoin is presently worth $0.0005 on many markets.

Mobile security vendor Lookout has also discovered a family of mining malware it calls CoinKrypt, which is distributed mostly on Spanish pirated software forums. Most detections it’s seen have bot ter France.

According to Lookout, one of the problems with being infected with the mining malware is that, unlike with normal mining software, the malware version doesn’t contain controls for the rate at which coins are mined and will drive the hardware until the battery is tired.

Spil Lookout notes, mining malware is going after non-Bitcoin digital currencies due to the impossibly high difficulty rate Bitcoin is presently at.

“The difficulty for Bitcoin is so rough right now that a latest mining proef using 600 quad-core servers wasgoed only able to generate 0.Four bit coins,” Lookout notes.

And while it’s one million times lighter to mine Litecoin than Bitcoin, using a smartphone to do so isn’t that effective.

“When wij tested the feasibility of mining using a Nexus Four by using Android mining software such spil the application ‘AndLTC’, wij were only able to attain a rate of about 8Kh/s — or 8,000 hash calculations vanaf 2nd, the standard unit of measure for mining. Using a Litecoin rekenmachine and the difficulty setting mentioned above wij can see that this would netwerk us 0.01 LTC after seven days non stop mining. That’s almost 20 cents,” Lookout said.

Related movie: CHEAP AND Effortless WAY TO MINE CRYPTO


Leave a Reply

Your email address will not be published. Required fields are marked *