Android users, beware: Simple wallpaper apps found to secretly mine bitcoin

Google Play Store Android Bitcoin Malware

Not long ago it was discovered that a couple of Google Play Store Android applications that were downloaded anywhere from one million to five million times had malicious code that covertly turned Android devices into silent Bitcoin miners. The malware managed to bypass Google’s Play Store security, but they were not the only ones to include digital currency mining capabilities. A new report from security firm Lookout reveals that at least five other applications from Google’s app store can also turn Android smartphones and tablets into miners.

Called BadLepricon, the malware masquerades as a wallpaper app that hijacks the user’s device in certain conditions. The app works as a wallpaper app, but it also silently checks battery level, connectivity and display status (whether on or off) every five seconds. When the battery level is over 50%, the display is off and the phone is connected to a network, BadLepricon starts mining Bitcoin. It does so in order to prevent the phone from getting hot while the user actually uses it and thus to prevent detection, as Bitcoin mining puts a serious strain on computing power, thus consuming more battery life than usual and generating more heat in the process. The malware also features a WakeLock feature that prevents the phone from going to sleep even when the display is turned off.

Furthermore, BadLepricon allows the creator to easily control its Android Bitcoin miners in order to connect them to mining pools or Bitcoin wallets with ease.

Unlike the previous covert miner apps, the five apps that packed this malicious code were not as popular, registering between 100 and 500 downloads each. The apps ridden with this new malware include Beating heart Live Wallpaper, Epic Smoke Live Wallpaper, Urban Pulse Live Wallpaper and Mens Club Live Wallpaper.

However, it’s clear that Google is unable at this time to prevent such apps from launching in the Google Play Store.

Lookout says its security app protects users from this newly found security threat. Furthermore, the company advises users to have the “Unknown sources” Android system setting unchecked, “to prevent dropped or drive-by-download app installs.”

Source:
Lookout
blog comments powered by Disqus