Cryptocurrencies have been huge for years, but the digital assets have now well and truly gone mainstream. Even with Bitcoin having lost half of its value since its peak in April, it’s still worth more than $32,000 a coin. Everyone wants a piece of the pie, so it’s no surprise that dozens of cryptocurrency mining apps have been released for Android. Unfortunately, many of these apps are scams, and thousands of users have had their money stolen as a result.
Lookout published a detailed report this week about the malicious crypto-mining apps. Their security researchers identified over 170 scam apps that claim to provide cloud cryptocurrency mining services for a fee. They don’t actually mine anything, but they will take your money.
“The apps’ entire raison d’être is to steal money from users through legitimate payment processes, but never deliver the promised service,” explained the Lookout Threat Lab researchers on their blog. “Based on our analysis, they scammed more than 93,000 people and stole at least $350,000 between users paying for apps and buying additional fake upgrades and services.”
Lookout separated the apps into two distinct categories which they named BitScam and CloudScam. The only real difference is that BitScam apps accept Bitcoin and Ethereum as payment options. Most frightening of all, though, is the fact that Lookout found 25 of the apps on the Google Play store. Google removed all of the apps, but the scammers still profited.
How Android cryptocurrency mining apps scam users
If you’re wondering how users get scammed, it’s pretty simple. First of all, many of the apps have an upfront cost, so even if you never use them, the scammers already have your money. In order to keep users on the hook, they would sell upgrades and subscriptions within their apps. Users were also not allowed to withdraw their earnings until they reached a minimum balance. Even if they reached that balance, the apps would simply display an error message or reset the balance.
“Similar to BitScam, CloudScam apps offer options for users to earn more coins at an increased rate, such as “upgrading” to a subscription plan with lower minimum withdrawal balance and higher mining rates, referring friends and earning “20%” of their friend’s earnings, and daily rewards,” Lookout notes. “None of these options will earn users coins. Instead, they result in generating more revenue for the scammers behind these apps.”
If you’ve ever downloaded an app that purports to mine cryptocurrency, check this list from Lookout. You shouldn’t have anything listed there on any of your personal devices.