Android Bitcoin mining malware found on Google Play
Using a mobile device to mine for Bitcoin is hugely impractical. A recent experiment involving 600 quadcore servers managed to create just 0.4 Bitcoins over the course of a year, which makes mining with a mobile a lot like digging in a mostly-spent goldmine with a spoon.
But, in theory, if you could harness the power of enough mobile devices -- hundreds of thousands, or maybe millions -- you might be able to start generating Bitcoins. BadLepricon, a new piece of malware, takes that view and uses your phone’s processing power to mine for new coins. It’s disguised as a harmless wallpaper app, and several instances of it have already been found on Google Play.
Security firm Lookout says the wallpaper apps all did as was advertised and delivered live wallpaper, but also mined for Bitcoin when the device wasn’t being used. Cleverly, rather than just mining non-stop, the malware checks to make sure the battery life is at least 50 percent, the display is turned off, and the device has connectivity, before going to work. This way mobile owners are less likely to suspect something is up, allowing the malware to continue to run unchecked.
BadLepricon makes use of a Stratum mining proxy, enabling the malware’s author to change mining pools or connections to Bitcoin wallets with ease, and providing the creator with a degree of anonymity.
Lookout found five instances of BadLepricon on Google Play, and they were all removed promptly once Google had been alerted. The security firm says the "apps had between 100-500 installs each at the time of removal".
Despite these occasional scares, Google Play remains relatively malware free. Last year F-Secure found that only 0.1 percent of all the mobile malware on Android came from Google’s official app store.