Have you, by chance, put the harmless apps Songs, or Prized on your Android device? If you are among the 1 to 5 million users who installed the former, and the 10 000 to 50 000 who installed the latter, you probably felt your 'droid wasn't the same after. It got hot. It lagged. Its battery drained quickly. Its data usage skyrocketed. Yet, on the surface, everything appeared to be in order.
Actually, everything was in order - but only for said apps' creators, who engineered them to covertly turn your device into a cryptocurrency mining drone, slaving away for digital gold in a huge botnet. What a twist! Apparently, when users left their device to charge, these apps woke up from dormancy and went to mine Bitcoin, Litecoin, and Dogecoin. As you might know, mining cryptocurrency is a very compute-intensive process that even the most powerful of today's mobile silicon can't adequately deal with. But foster a mining pool of millions of phones and tablets that work to put crypto-coins into your wallet, and one day you'll wake up criminally rich... in weird Internet money.
That's probably what Songs and Prized's makers thought, before security company Trend Micro reported the mining operation. Such malicious schemes are already familiar, but they used to be carried out only by apps available outside of the Google Play Store. The fact that these apps that we're talking about come from, and are still available in what's supposed to be a safe heaven for Android software, is disconcerting, to say the least.
Trend Micro's Veo Zhang, the threat analyst who reported the danger, had the following to say on the matter:
Meanwhile, Google is yet to comment on the report.