Android apps booby-trapped to mine virtual cash

People using phones The coin mining apps can quickly run down a phone's battery

Related Stories

Android apps that have been downloaded millions of times have been subverted to mine virtual coins for cyberthieves, say security firms.

Two firms have found apps inside and outside the Google Play store seeded with the hidden mining code.

The programs have been mining coins for the Dogecoin, Litecoin and Casinocoin virtual currencies.

If installed, the booby-trapped apps will run down a phone's battery very quickly, said researchers.

Hot phones

Some of the apps harbouring the mining code were found on non-official Android stores but two of the programs, called Songs and Prized, are still available on the Google Play store. Songs has been downloaded at least one million times.

Lookout said it had seen the apps in stores popular in Spain and France.

Thieves are keen to steal computer power because virtual currencies such as Bitcoin, Dogecoin and others rely on large networks of connected machines. All those computers verify who is spending what and fresh coins are handed out for being involved - a process known as mining.

The more computer power someone can amass, the more mining they can do and, potentially, the more coins they can acquire.

However, using phones to do the mining was "odd", said Trend Micro researcher Veo Zhang in a blogpost detailing the apps seeded with the crypto coin code.

"Phones do not have sufficient performance to serve as effective miners," he said.

Start Quote

Yes, they can gain money this way, but at a glacial pace”

End Quote Veo Zhang Trend Micro

Lookout security researcher Marc Rogers said the simplistic nature of the code made it potentially dangerous as it made no attempt to manage how much processing power it used. Instead, he said, it just grabbed as much as it can.

"It will drive the hardware to mine until it runs out of battery," he said. "Overheating associated with this kind of harsh use can also damage hardware."

Those behind the coin code might have made efforts to hide the fact that phones were mining but users were still likely to notice, said Mr Zhang.

"Slow charging and excessively hot phones will all be seen, making the miner's presence not particularly stealthy," he wrote. "Yes, they can gain money this way, but at a glacial pace."

Despite this, he said, one of the groups producing the malicious apps had managed to amass thousands of Dogecoins which they then swapped for Bitcoins. One Bitcoin is currently worth £337.

Mr Rogers from Lookout said users might notice as mining involves swapping lots of data back and forth - which could quickly eat up a monthly data allowance.

Mr Zhang said Trend Micro had told Google's Android security team about its findings. Google has yet to comment on the discovery of the mining apps.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories



  • Mukesh SinghNo remorse

    Delhi bus rapist says victim shouldn't have fought back

  • Aimen DeanI spied

    The founder member of al-Qaeda who worked for MI6

  • Before and after shotsPerfect body

    Just how reliable are 'before and after' photos?

  • Lotus 97T driven by Elio de AngelisBeen and gone

    A champion F1 designer and other notable losses

  • A poster of Boris Nemtsov at a rally in St Petersburg, Russia, 1 MarchWho killed Nemtsov?

    Theories abound over murder that shocked Moscow

Try our new site and tell us what you think. Learn more
Take me there

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.