YOUR SMARTPHONE could be secretly mining Bitcoin without you knowing, mobile security firm Lookout has warned after finding malware in Google Play that quietly uses a phone's processing power to create new virtual coins.
"We call it Badlepricon, and yes, that is how the malware authors spelled 'leprechaun'. We hope they were going for a clever play on the word 'con'," Lookout said in a blog post. "The malware comes in the form of a wallpaper app."
Lookout said users of its app are protected from this malware and that it has let Google know about its presence in the Play store. Google promptly removed five of these applications, each of which had between 100 and 500 installs, after Lookout alerted it to the issue.
Lookout said that because it is rather difficult to mine Bitcoins from the relatively low processing power of a smartphone, the miners often don't work alone.
"Instead, they work in groups, pooling their processing resources. They collect payment as a percentage of the processing power they contribute," Lookout explained. "In order to control the sometimes thousands of bots, the malware author may use a proxy to set up one point of contact."
Badlepricon uses a Stratum mining proxy, allowing the author to easily change mining pools or connections to Bitcoin wallets. It also gives the malware author some anonymity by obfuscating which wallet is being fed the mined Bitcoins, Lookout said.
"Phones truly are tiny computers in your back pocket or purse. These devices are becoming more and more powerful and people are starting to come up with ways to take advantage of that power.
"We expect to see more mobile miners come to the foreground," Lookout added. µ