Mobile security startup Lookout found malware that uses your phone’s processing power to mine Bitcoins. The malware is attached to apps on Google Play.
Your cellphone could secretly be mining Bitcoins if you accidentally downloaded some mobile malware on Google Play.
San Francisco-based mobile security startup Lookout recently found a piece of malware that quietly uses a phone’s processing power to create new coins. The malware is attached to wallpaper apps, but Google has removed at least five of these applications upon alerts from Lookout. The apps had been downloaded some 100 to 500 times before being removed.
Lookout called the new malware BadLepricon, which is how the malware authors spelled leprechaun.
Getting more than what you asked for
The apps fulfill their advertised purpose, providing wallpaper with a variety of themes, but they fail to note in the terms of service that BadLepricon will – every five seconds – check your phone’s battery level, connectivity and whether the display is on. It does this because the miners can damage a phone by using too much processing power, so BadLepricon only runs when the battery is at more than 50%, the display is off and the phone has network connectivity. It does, however, use a WakeLock, which makes sure the phone doesn’t go to sleep when the display is turned off.
“If you’re a piece of malware, watching the phone’s battery power is a good way of hiding your activities as well,” Lookout said in an April 24 blog post on its discovery.
Even with up to 500 downloads, the malware isn’t that profitable, according to Lookout, which said that, given the difficulty of mining, it takes 600 quad-core servers to generate 0.4 Bitcoins in one year. Because of the high difficulty rate, miners often work together, pooling their processing power and collecting payment based on what they contribute.
Another way to control the miners is to set up a proxy as a single point of contact. BadLepricon uses a Stratum mining proxy, which allows the author to easily change mining pools or connections to Bitcoin wallets. The proxy also gives the malware author some anonymity by changing which wallet is being fed the mined bitcoins.
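Because the mining traffic goes to a Stratum proxy, one network-side check is to look for the Stratum client handshake in captured flows. The following is an added example, not code from Lookout or from this article; it assumes the device's traffic is unencrypted, line-delimited Stratum JSON-RPC, and the flow tuples, package names and addresses are constructed sample data.

```python
import json

# Methods a Stratum client sends to a pool or proxy. Stratum is JSON-RPC
# with one JSON object per line over a plain TCP connection.
STRATUM_CLIENT_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}


def stratum_methods(payload):
    """Return the Stratum client methods found in one TCP payload (bytes)."""
    found = []
    for line in payload.splitlines():
        try:
            msg = json.loads(line)
        except ValueError:  # not JSON: TLS records, HTTP, binary data
            continue
        method = msg.get("method") if isinstance(msg, dict) else None
        if isinstance(method, str) and method in STRATUM_CLIENT_METHODS:
            found.append(method)
    return found


def flag_mining_flows(flows):
    """Map (app, destination) -> methods seen, for flows that look like a miner."""
    seen = {}
    for app, dst, payload in flows:
        methods = stratum_methods(payload)
        if methods:
            seen.setdefault((app, dst), []).extend(methods)
    # Require the full handshake a client sends before it is given work.
    handshake = {"mining.subscribe", "mining.authorize"}
    return {k: m for k, m in seen.items() if handshake <= set(m)}


# Constructed sample capture: (app package, destination, client payload).
SAMPLE_FLOWS = [
    ("com.example.wallpaper", "203.0.113.10:3333",
     b'{"id": 1, "method": "mining.subscribe", "params": []}\n'),
    ("com.example.wallpaper", "203.0.113.10:3333",
     b'{"id": 2, "method": "mining.authorize", "params": ["worker1", "x"]}\n'),
    ("com.example.weather", "198.51.100.7:8080",
     b'{"id": 1, "method": "forecast.get", "params": ["SF"]}\n'),
    ("com.example.browser", "198.51.100.9:80",
     b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
]

if __name__ == "__main__":
    for (app, dst), methods in flag_mining_flows(SAMPLE_FLOWS).items():
        print(f"possible Stratum miner: {app} -> {dst} {methods}")
```

A match only shows that an app speaks Stratum to some endpoint; it does not identify the pool or wallet behind the proxy.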
BadLepricon is not the first mining malware that Lookout has exposed. In March, Lookout found CoinKrypt, which mined Litecoin, Dogecoin and Casinocoin because they took less computing power. CoinKrypt did not employ the same safety checks as BadLepricon, and therefore severely ran down phones’ batteries.
Bitcoins are worth about $440 as of Monday afternoon. The currency has traded as high as $1,151 in December and more recently as low as $401 earlier this month.
Founded in 2007, Lookout is a mobile security technology company that protects 50 million devices. The company noted that downloading its security product does protect against this kind of malware.