Has your cell phone been overheating lately? If it’s one of the more than one million devices that have installed either of two seemingly normal Android apps, then it may be secretly mining cryptocurrency without your knowledge.
Researchers say that two programs available in the operating system’s official application marketplace, Google Play, are embedded with scripts that force devices running those apps to silently mine for Litecoin and Dogecoin — two emerging forms of digital cryptocurrency derived from the immensely popular Bitcoin.
Cryptocurrencies only exist in the digital realm and are “mined” by way of a computing-intensive process that is best carried out by high-end machines equipped with state-of-the-art graphics cards, and in some cases entire networks comprised of these computers. According to new research, though, Android users who installed either the “Songs” or “Prized” apps available for download in the Google Play store have been unknowingly allowing developers to take advantage of compromised devices to create new e-coins.
Veo Zhang, a mobile threats analyst for antivirus firm Trend Micro, wrote in a blog post on Tuesday this week that the malware known as “ANDROIDOS_KAGECOIN” had been repackaged in the two suspect apps.
“These apps have been downloaded by millions of users, which means that there may be many Android devices out there being used to mine cryptocurrency for cybercriminals,” Zhang wrote.
Indeed, statistics available through Google Play indicate that Songs was installed between one million and five million times since becoming available for Android devices, and Prized was put on anywhere from 10,000 to 50,000 phones and tablets.
“Analyzing the code of these apps,” Zhang wrote, “reveal the cryptocurrency mining code inside.”
Unlike other malicious apps, however, these mining programs are developed so that Litecoin and Dogecoin are only generated when the devices are charging, presumably so that the legitimate user won’t notice rapid battery drainage. Because of the intensive process involved, however, the computing power of those devices is put to the test once mining begins, and someone physically holding the Android machine may become aware of malware being present because their phone or tablet will inexplicably start to overheat.
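The charge-only behavior described above leaves a pattern a defender can look for: an app that is CPU-heavy while the device is plugged in and nearly silent on battery. The following is an added example, not code from Trend Micro or from the apps themselves; the telemetry rows, package names and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed telemetry, not from the original research: one row per sampling
# interval as (package, device_is_charging, cpu_percent). Package names are
# hypothetical placeholders.
SAMPLES = [
    ("com.example.musicapp", True, 92.0), ("com.example.musicapp", True, 88.5),
    ("com.example.musicapp", True, 95.0), ("com.example.musicapp", False, 1.5),
    ("com.example.musicapp", False, 2.0), ("com.example.musicapp", False, 0.5),
    ("com.example.video", True, 70.0), ("com.example.video", True, 65.0),
    ("com.example.video", True, 72.0), ("com.example.video", False, 68.0),
    ("com.example.video", False, 74.0), ("com.example.video", False, 66.0),
    ("com.example.notes", True, 1.0), ("com.example.notes", True, 0.5),
    ("com.example.notes", True, 2.0), ("com.example.notes", False, 1.0),
    ("com.example.notes", False, 3.0), ("com.example.notes", False, 0.5),
    ("com.example.sparse", True, 99.0), ("com.example.sparse", False, 1.0),
]

def charge_gated_apps(samples, busy=60.0, idle=10.0, min_samples=3):
    """Return packages that are CPU-heavy while charging and quiet on battery."""
    by_state = defaultdict(lambda: {True: [], False: []})
    for package, charging, cpu in samples:
        by_state[package][charging].append(cpu)
    flagged = {}
    for package, states in by_state.items():
        plugged, battery = states[True], states[False]
        # Require enough evidence in both power states; a single spike or an
        # app never seen on battery is not a charge-gated pattern.
        if len(plugged) < min_samples or len(battery) < min_samples:
            continue
        m_plugged, m_battery = median(plugged), median(battery)
        # Medians resist one-off spikes such as an app update or a sync burst.
        if m_plugged >= busy and m_battery <= idle:
            flagged[package] = (m_plugged, m_battery)
    return flagged

if __name__ == "__main__":
    for package, (plugged, battery) in charge_gated_apps(SAMPLES).items():
        print(f"{package}: median CPU {plugged:.1f}% charging, {battery:.1f}% on battery")
```

An app that is busy in both power states, like the constructed video player, is not flagged; only the contrast between the two states is.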
“Given the extremely modest resources of the typical smartphone, it's not at all clear why anyone would take the time to create an Android app that overtly or covertly mines currencies,” Dan Goodin wrote for the Ars Technica website on Wednesday this week.
Nevertheless, Trend Micro predicts that thousands of affected devices containing those apps have allowed cybercriminals to accumulate what Zhang says is likely “a great deal of Dogecoins,” and adds that the “murky language and vague terminology” contained in the applications’ terms and conditions suggest users who install those programs are rarely aware of the mining feature only publicized this week.
“Users with phones and tablets that are suddenly charging slowly, running hot, or quickly running out of batteries may want to consider if they have been exposed to this or similar threats,” Zhang wrote. “Also, just because an app has been downloaded from an app store – even Google Play – does not mean it is safe.”
On Thursday, Ars Technica updated its post to say that one application, Prized, was no longer available in Google Play. Since then, links which previously directed to the “Songs” app in the Android marketplace have become defunct.
Also on Thursday, a LinkedIn profile was circulated online of a Ryan Ramminger from the Cincinnati, Ohio area who boasts of being the founder and CEO of Prized. American Civil Liberties Union technologist Chris Soghoian tweeted that the American-based app would thus be subject to federal regulations.