X

Bitcoin-mining malware reportedly found on Google Play

Fake wallpaper apps turned phones into bots for the power- and computationally intensive process of producing crypto-currency, a mobile security firm warns.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
See full bio
Steven Musil
2 min read

badlepricon-google-play-store1.jpg
Wallpaper apps discovered concealing bitcoin-mining malware. Lookout

Researchers have identified more malware at the Google Play store that secretly harnesses users' devices to perform the arduous computational process of mining for bitcoins.

The malware, dubbed BadLepricon, was found masquerading as wallpaper apps that had hundreds of installs each, according to Lookout, a mobile security firm. Google promptly removed five such apps from the Google Play marketplace after being alerted to their presence, Lookout wrote in a blog post Thursday.

"These apps did fulfill their advertised purpose in that they provided live wallpaper apps, which vary in theme from anime girls to 'epic smoke' to attractive men," Meghan Kelly, a Lookout security communications manager, wrote. "However, without alerting you in the terms of service, BadLepricon enters into an infinite loop where -- every five seconds -- it checks the battery level, connectivity, and whether the phone's display was on."

As mobile devices become more powerful and sophisticated, malware authors are increasingly targeting tablets and smartphones to mine cryptocurrencies. The malware essentially turns the devices into a bot that uses a great deal of computer processor and battery power without the device owners' knowledge or consent.

If left unchecked, bitcoin miners can use up so much processing power that it burns out the device, Kelly warned. So to avoid a circumstance that would lead to the malware's discovery, BadLepricon checks to make sure the battery contains at least 50 percent of its capacity, it has Internet connectivity, and that its display is turned off.

The sophisticated malware also used a Stratum proxy that allowed the malware's author to easily change mining pools and anonymously control which bitcoin wallet receives the newly minted crypto-coins, researchers wrote. The malware also uses a feature called a WakeLock to prevent the device from going to sleep even if the display is turned off.

The discovery marks the second time in less than a month that bitcoin-mining malware has been found lurking on the Google Play marketplace. Antivirus provider Trend Micro reported last month that a pair of bitcoin-mining apps had been discovered at the store involved in the mining for various digital currencies, including Bitcoin, Litecoin, and Dogecoin.

CNET has contacted Google for comment and will update this report when we learn more.

(Via Ars Technica)