The Inquirer-Home

Malware found in Google Play secretly mines Bitcoin from Android smartphones

Google removes five affected apps which had 100 to 500 downloads each
Fri Apr 25 2014, 11:22

Bitcoin 3D logoYOUR SMARTPHONE could be secretly mining Bitcoin without you knowing, mobile security firm Lookout has warned after finding malware in Google Play that quietly uses a phone's processing power to create new virtual coins.

"We call it Badlepricon, and yes, that is how the malware authors spelled 'leprechaun'. We hope they were going for a clever play on the word "con'," Lookout said in a blog post. "The malware comes in the form of a wallpaper app."

Lookout said users of its app are protected from this malware and that they have let Google know about its presence in the Play store. The firmpromptly removed five of these applications after Lookout alerted it to the issue, each of which had between 100 and 500 installs.

Lookout said that because it is rather difficult to mine Bitcoins from the relatively low processing power of a smartphone, the miners often don't work alone.

"Instead, they work in groups, pooling their processing resources. They collect payment as a percentage of the processing power they contribute," Lookout explained. "In order to control the sometimes thousands of bots, the malware author may use a proxy to set up one point of contact."

Badlepricon uses a Stratum mining proxy, allowing the author to easily change mining pools or connections to Bitcoin wallets. It also gives the malware author some anonymity by obfuscating which wallet is being fed the mined Bitcoins, Lookout said.

"Phones truly are tiny computers in your back-pocket or purse. These devices are becoming more and more powerful and people are starting to come up with ways to take advantage of that power.

"We expect to see more mobile miners come to the foreground," Lookout added. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Internet of Things at Christmas poll

Which smart device are you hoping Santa brings?