Apps from Google Play drain devices with covert crypto-coin mining
Have you, by chance, put the harmless apps Songs, or Prized on your Android device? If you are among the 1 to 5 million users who installed the former, and the 10 000 to 50 000 who installed the latter, you probably felt your 'droid wasn't the same after. It got hot. It lagged. Its battery drained quickly. Its data usage skyrocketed. Yet, on the surface, everything appeared to be in order.
Actually, everything was in order - but only for said apps' creators, who engineered them to covertly turn your device into a cryptocurrency mining drone, slaving away for digital gold in a huge botnet. What a twist! Apparently, when users left their device to charge, these apps woke up from dormancy and went to mine Bitcoin, Litecoin, and Dogecoin. As you might know, mining cryptocurrency is a very compute-intensive process that even the most powerful of today's mobile silicon can't adequately deal with. But foster a mining pool of millions of phones and tablets that work to put crypto-coins into your wallet, and one day you'll wake up criminally rich... in weird Internet money.
That's probably what Songs and Prized's makers thought, before security company Trend Micro reported the mining operation. Such malicious schemes are already familiar, but they used to be carried out only by apps available outside of the Google Play Store. The fact that these apps that we're talking about come from, and are still available in what's supposed to be a safe heaven for Android software, is disconcerting, to say the least.
Trend Micro's Veo Zhang, the threat analyst who reported the danger, had the following to say on the matter:
Meanwhile, Google is yet to comment on the report.
1. Doakie (Posts: 1322; Member since: 06 May 2009)
Boy these crypto currencies really just keep getting better and better in the news.
5. boosook (Posts: 1089; Member since: 19 Nov 2012)
No, this isn't. The OS is open source. The apps were NOT open source, otherwise it would have been easy to spot what they actually did.
These applications are called "Trojan horses" and have always been around, on every OS, being it windows, mac OS or whatever.
If an application is closed source, it can do whatever it wants, and you have to trust the developer. On Linux, the risk is lower, because applications are usually open source as well as the OS, so there are no trojans unless users install closed source apps from external repositories.
Did you ever stop to think that, every time you install an application on Windows or any other OS, that application can do whatever it wants? And this is what happened. It's not Android's fault.
On Android, at least you can see which permissions an app requires. So, in theory, it's safer than, say, Windows. But in this case the app probably did not require any strange permission beyond internet access.
So, as long as people install on their phones or PCs applications from unknown developers and with closed source code, trojan horses will always exist.
Your comment is plain wrong. Open source is exactly what we need to stop trojan horses.
7. jroc74 (Posts: 5192; Member since: 30 Dec 2010)
Yea...because this never happens on Windows desktop OS's....and happens all the time on desktop Linux...
4. vincelongman (Posts: 1696; Member since: 10 Feb 2013)
I wonder how much money they made out of it
ARM SoCs are really terrible at mining,
But then again, since those apps were installed on millions of phones, they maybe could have made a decent amount
6. ScruffyNerfHerder (Posts: 5; Member since: 21 Sep 2012)
I think you mean that ARM CPUs are not good at mining. Some ARM SoCs have integrated encryption hardware that can generate SHA2s very fast and efficiently (relative to the CPU).
9. vincelongman (Posts: 1696; Member since: 10 Feb 2013)
I got a good gaming PC, but I haven't mined before, so I'm actually not too familiar with mining
From what I've read phones/tablets are terrible at mining, though I haven't personally tried it so I might be wrong