Apps from Google Play drain devices with covert crypto-coin mining

Apps from Google Play drain devices with covert crypto-coin mining

Have you, by chance, put the harmlessapps Songs, or Prized on your Android device? If you are among the 1to 5 million users who installed the former, and the 10 000 to 50 000who installed the latter, you probably felt your 'droid wasn't thesame after. It got hot. It lagged. Its battery drained quickly. Itsdata usage skyrocketed. Yet, on the surface, everything appeared tobe in order.



Actually, everything was inorder - but only for said apps' creators, who engineered them tocovertly turn your device into a cryptocurrency mining drone, slavingaway for digital gold in a huge botnet. What a twist! Apparently,when users left their device to charge, these apps woke up fromdormancy and went to mine Bitcoin, Litecoin, and Dogecoin. As youmight know, mining cryptocurrency is a very compute-intensive processthat even the most powerful of today's mobile silicon can'tadequately deal with. But foster a mining pool of millions of phonesand tablets that work to put crypto-coins into your wallet, and oneday you'll wake up criminally rich... in weird Internet money.



That's probably what Songs and Prized'smakers thought, before security company Trend Micro reported themining operation. Such malicious schemes are already familiar, butthey used to be carried out only by apps available outside of theGoogle Play Store. The fact that these apps that we're talking aboutcome from, and are still available in what's supposed to be a safeheaven for Android software, is disconcerting, to say the least.



Trend Micro's Veo Zhang, the threatanalyst who reported the danger, had the following to say on thematter:





Meanwhile, Google is yet to comment onthe report.



source: TrendMicro via ARSTechnica

FEATURED VIDEO

10 Comments

1. Doakie

Posts: 2478; Member since: May 06, 2009

Boy these crypto currencies really just keep getting better and better in the news.

2. Ronoc039

Posts: 28; Member since: Jul 18, 2012

That is truly impressive

3. itsdeepak4u2000

Posts: 3718; Member since: Nov 03, 2012

Yeah, this is open source...

5. boosook

Posts: 1442; Member since: Nov 19, 2012

No, this isn't. The OS is open source. The apps were NOT open source, otherwise it would have been easy to spot what they actually did. These applications are called "Trojan horses" and have always been around, on every OS, being it windows, mac OS or whatever. If an application is closed source, it can do whatever it wants, and you have to trust the developer. On Linux, the risk is lower, because applications are usually open source as well as the OS, so there are no trojans unless users install closed source apps from external repositories. Did you ever stop to think that, every time you install an application on Windows or any other OS, that application can do whatever it wants? And this is what happened. It's not Android's fault. On Android, at least you can see which permissions an app requires. So, in theory, it's safer than, say, Windows. But in this case the app probably did not require any strange permission beyond internet access. So, as long as people install on their phones or PCs applications from unknown developers and with closed source code, trojan horses will always exist. Your comment is plain wrong. Open source is exactly what we need to stop trojan horses.

8. jroc74

Posts: 6023; Member since: Dec 30, 2010

Preach....

10. boosook

Posts: 1442; Member since: Nov 19, 2012

Just the truth.

7. jroc74

Posts: 6023; Member since: Dec 30, 2010

Yea...because this never happens on Windows desktop OS's....and happens all the time on desktop Linux... :/

4. vincelongman

Posts: 5720; Member since: Feb 10, 2013

I wonder how much money they made out of it ARM SoCs are really terrible at mining, But then again, since those apps were installed on millions of phones, they maybe could have made a decent amount

6. ScruffyNerfHerder

Posts: 5; Member since: Sep 21, 2012

I think you mean that ARM CPUs are not good at mining. Some ARM SoCs have integrated encryption hardware that can generate SHA2s very fast and efficiently (relative to the CPU).

9. vincelongman

Posts: 5720; Member since: Feb 10, 2013

I got a good gaming PC, but I haven't mined before, so I'm actually not too familiar with mining From what I've read phones/tablets are terrible at mining, though I haven't personally tried it so I might be wrong

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.