Android apps booby-trapped to mine virtual cash

People using phones The coin mining apps can quickly run down a phone's battery

Related Stories

Android apps that have been downloaded millions of times have been subverted to mine virtual coins for cyberthieves, say security firms.

Two firms have found apps inside and outside the Google Play store seeded with the hidden mining code.

The programs have been mining coins for the Dogecoin, Litecoin and Casinocoin virtual currencies.

If installed, the booby-trapped apps will run down a phone's battery very quickly, said researchers.

Hot phones

Some of the apps harbouring the mining code were found on non-official Android stores but two of the programs, called Songs and Prized, are still available on the Google Play store. Songs has been downloaded at least one million times.

Lookout said it had seen the apps in stores popular in Spain and France.

Thieves are keen to steal computer power because virtual currencies such as Bitcoin, Dogecoin and others rely on large networks of connected machines. All those computers verify who is spending what and fresh coins are handed out for being involved - a process known as mining.

The more computer power someone can amass, the more mining they can do and, potentially, the more coins they can acquire.

However, using phones to do the mining was "odd", said Trend Micro researcher Veo Zhang in a blogpost detailing the apps seeded with the crypto coin code.

"Phones do not have sufficient performance to serve as effective miners," he said.

Start Quote

Yes, they can gain money this way, but at a glacial pace”

End Quote Veo Zhang Trend Micro

Lookout security researcher Marc Rogers said the simplistic nature of the code made it potentially dangerous as it made no attempt to manage how much processing power it used. Instead, he said, it just grabbed as much as it can.

"It will drive the hardware to mine until it runs out of battery," he said. "Overheating associated with this kind of harsh use can also damage hardware."

Those behind the coin code might have made efforts to hide the fact that phones were mining but users were still likely to notice, said Mr Zhang.

"Slow charging and excessively hot phones will all be seen, making the miner's presence not particularly stealthy," he wrote. "Yes, they can gain money this way, but at a glacial pace."

Despite this, he said, one of the groups producing the malicious apps had managed to amass thousands of Dogecoins which they then swapped for Bitcoins. One Bitcoin is currently worth £337.

Mr Rogers from Lookout said users might notice as mining involves swapping lots of data back and forth - which could quickly eat up a monthly data allowance.

Mr Zhang said Trend Micro had told Google's Android security team about its findings. Google has yet to comment on the discovery of the mining apps.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

BBC Future

(Jeff Turner/Flickr/CC BY 2.0)

Is tech transforming language?

The truth about online communication Read more...

Programmes

  • A computer generated of image of a robotic probe issued by Lunar MissionClick Watch

    Scientists seek crowdfunding to send probe to the Moon, plus other technology news

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.