x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Apps from Google Play drain devices with covert crypto-coin mining

Apps from Google Play drain devices with covert crypto-coin mining

Posted: , by Luis D.

Tags:

Apps from Google Play drain devices with covert crypto-coin mining

Have you, by chance, put the harmless apps Songs, or Prized on your Android device? If you are among the 1 to 5 million users who installed the former, and the 10 000 to 50 000 who installed the latter, you probably felt your 'droid wasn't the same after. It got hot. It lagged. Its battery drained quickly. Its data usage skyrocketed. Yet, on the surface, everything appeared to be in order.


Actually, everything was in order - but only for said apps' creators, who engineered them to covertly turn your device into a cryptocurrency mining drone, slaving away for digital gold in a huge botnet. What a twist! Apparently, when users left their device to charge, these apps woke up from dormancy and went to mine Bitcoin, Litecoin, and Dogecoin. As you might know, mining cryptocurrency is a very compute-intensive process that even the most powerful of today's mobile silicon can't adequately deal with. But foster a mining pool of millions of phones and tablets that work to put crypto-coins into your wallet, and one day you'll wake up criminally rich... in weird Internet money.


That's probably what Songs and Prized's makers thought, before security company Trend Micro reported the mining operation. Such malicious schemes are already familiar, but they used to be carried out only by apps available outside of the Google Play Store. The fact that these apps that we're talking about come from, and are still available in what's supposed to be a safe heaven for Android software, is disconcerting, to say the least.


Trend Micro's Veo Zhang, the threat analyst who reported the danger, had the following to say on the matter:


"Users will quickly notice the odd behavior of the miners – slow charging and excessively hot phones will all be seen, making the miner’s presence not particularly stealthy. Users with phones and tablets that are suddenly charging slowly, running hot, or quickly running out of batteries may want to consider if they have been exposed to this or similar threats."


Meanwhile, Google is yet to comment on the report.


source: Trend Micro via ARSTechnica

10 Comments
  • Options
    Close




posted on 27 Mar 2014, 04:08 1

1. Doakie (Posts: 1175; Member since: 06 May 2009)


Boy these crypto currencies really just keep getting better and better in the news.

posted on 27 Mar 2014, 05:02

2. Ronoc039 (Posts: 26; Member since: 18 Jul 2012)


That is truly impressive

posted on 27 Mar 2014, 05:40

3. itsdeepak4u2000 (Posts: 2457; Member since: 03 Nov 2012)


Yeah, this is open source...

posted on 27 Mar 2014, 12:45 1

5. boosook (Posts: 932; Member since: 19 Nov 2012)


No, this isn't. The OS is open source. The apps were NOT open source, otherwise it would have been easy to spot what they actually did.
These applications are called "Trojan horses" and have always been around, on every OS, being it windows, mac OS or whatever.
If an application is closed source, it can do whatever it wants, and you have to trust the developer. On Linux, the risk is lower, because applications are usually open source as well as the OS, so there are no trojans unless users install closed source apps from external repositories.
Did you ever stop to think that, every time you install an application on Windows or any other OS, that application can do whatever it wants? And this is what happened. It's not Android's fault.
On Android, at least you can see which permissions an app requires. So, in theory, it's safer than, say, Windows. But in this case the app probably did not require any strange permission beyond internet access.
So, as long as people install on their phones or PCs applications from unknown developers and with closed source code, trojan horses will always exist.
Your comment is plain wrong. Open source is exactly what we need to stop trojan horses.

posted on 27 Mar 2014, 18:58

8. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


Preach....

posted on 28 Mar 2014, 18:26

10. boosook (Posts: 932; Member since: 19 Nov 2012)


Just the truth.

posted on 27 Mar 2014, 18:58

7. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


Yea...because this never happens on Windows desktop OS's....and happens all the time on desktop Linux...

:/

posted on 27 Mar 2014, 05:52 1

4. vincelongman (Posts: 1034; Member since: 10 Feb 2013)


I wonder how much money they made out of it
ARM SoCs are really terrible at mining,
But then again, since those apps were installed on millions of phones, they maybe could have made a decent amount

posted on 27 Mar 2014, 18:10

6. ScruffyNerfHerder (Posts: 5; Member since: 21 Sep 2012)


I think you mean that ARM CPUs are not good at mining. Some ARM SoCs have integrated encryption hardware that can generate SHA2s very fast and efficiently (relative to the CPU).

posted on 27 Mar 2014, 22:32

9. vincelongman (Posts: 1034; Member since: 10 Feb 2013)


I got a good gaming PC, but I haven't mined before, so I'm actually not too familiar with mining
From what I've read phones/tablets are terrible at mining, though I haven't personally tried it so I might be wrong

Want to comment? Please login or register.

Latest stories