Android Wallpaper Apps Secretly Mine Bitcoins

Google has removed five Android wallpaper applications from its Play store that were found to be secretly mining bitcoins, according to security firm Lookout.

The apps were found to contain a piece of malware which Lookout calls BadLepricon, and which used the processing power of user’s smartphones to carry out the computing operations by which new bitcoins are produced. Each of the applications had been installed between 100 to 500 times when they were removed.

Pooling resources

The malware linked the handsets to a network of others in order to pool large amounts of computing resources for bitcoin mining operations. The malware uses a proxy to coordinate the infected handsets, which allows its authors to change mining pools or connections, and which also conceals which bitcoin wallet is linked to the botnet.

“Miners often don’t work alone,” wrote Lookout researcher Meghan Kelly in a blog post. “They work in groups, pooling their processing resources. They collect payment as a percentage of the processing power they contribute.”

While smartphones are growing increasingly powerful, it is doubtful that they contributed much to the malware authors’ bitcoin operations, since bitcoins require large amounts of computing resources to create, Kelly said. A recent experiment found that 600 quad-core servers were only able to generate 0.4 coins per year, she wrote.

A similar piece of mobile malware discovered last month by Trend Micro, called CoinKrypt, targeted Dogecoins, Litecoins and Casinocoins, which can be produced with less computing power. The apps containing that malware, also found on Google Play, had registered between 1 million and 5 million downloads each.

One of CoinKrypt’s limitations was that it used so much computing power that it burned out infected handsets, making it relatively easy to spot.

‘Epic Smoke’

BadLepricon is more subtle, only running when a handset’s battery level is is more than 50 percent charged and the display is turned off. It uses a feature called WakeLock to ensure the handset doesn’t go into sleep mode even if the display is switched off.

The malware was attached to “live wallpaper” software apps with themes such as “Men’s Club”, “Urban Pulse”, “Epic Smoke” and “Beating Heart”, according to Lookout.

Lookout expects mobile coin mining malware to proliferate as handset power grows. “These devices are becoming more and more powerful and people are starting to come up with ways to take advantage of that power,” wrote Kelly. “We expect to see more mobile miners come to the foreground.”

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago