Download the wrong apps onto your Android phone, and you may find yourself unwittingly contributing to the growing cryptocurrency market. Researchers from Lookout, a mobile security company, have discovered several apps being sold on the Google Play store that contain malware that will mine Bitcoins.
The process of mining cryptocurrency is intensive and can be taxing on hardware. Those who go about it through honest means require several high powered computers to make it actually worthwhile. For smartphones, mining can drastically drain a battery’s power, and will slow the phone down. The phones will also heat up much quicker, which would make a phone not only uncomfortable to use, but can damage it in the long run.
The newest piece of malware that Lookout has found goes by the very fitting name of BadLepricon. It was hidden deep within wallpaper apps that were being offered on the Google Play store. Lookout found 5 apps with Bad Lepricon, with between 100 to 500 downloads. The apps fulfill their stated purpose, but while seemingly innocently decorating smartphones, they have been secretly doing something much more insidious.
Every five minutes, BadLepricon enters an infinite loop and checks the battery level of the phone, its connectivity, and whether the screen is on or off. The mining will only occur if the battery level is over 50 percent. This is believed to be a counter measure to prevent people from catching on and realizing that their batteries are draining way to fast. Badlepricon features WakeLock, which prevents the phone from going into standby when the screen is turned off, keeping mining operations running when a phone should be using almost no data or power. It also includes a stratum mining proxy, which allows operators to join and change their mining pools. This allows miners to share in the Bitcoins being earned, and keeps their identities anonymous.
It would take millions of phones to likely make much money in terms of Bitcoins, being that they require such a high amount of processing power, meaning that the BadLepricon likely did not accomplish much for its creators. However, a month ago, researchers at another 3rd party company, TrendMicro, found two apps on the Google Play store with upwards to 5 million downloads. These apps, with such high download rates, could have earned the creators thousands of dollars worth of Litecoins and Dogecoins.
Google has removed the offending apps, but the fact that they had to remove the apps after they already spread shows that Google is failing at screening the apps they allow on their marketplace. Google uses a cloud-based scanner known as Bouncer to screen apps on Google Play, but it seems the scanner is not protecting Android users well enough. If mining malware can easily be snuck onto Android smartphones, even more malicious software can too. If Google is dropping the ball, as it seems to be, Android users may have to be concerned that the sensitive data sent over their smartphones may not be secure.
Edited by Alisen Downey