Using malicious software to mine cryptocurrencies on desktop PCs is nothing new, but now mobile phones are also being infected for the same reason. Any device that has sufficient compute power is able to contribute to a mining effort and therefore, some Android apps from Google Play and third-party markets are now being used to secretly install the mining software.
Even though the process is similar on both desktop PCs and mobile devices, people with infected smartphones are tipped off because of the battery drain that inevitably occurs. Researchers at two different security firms discovered the malicious apps and determined how they work once installed. The majority of infected applications are found on third-party Web sites but two (Songs and Prized) were on Google Play and as of this morning, Songs was still available.
The mining process requires a significant amount of resources, especially for popular digital currencies like Bitcoin and Litecoin. Instead of having banks validate transactions, user compute power is employed to validate the transactions and prevent fraud. In order to make the process worthwhile, units of the currency are given to the miners, providing a way for people to make money. But this has attracted hackers who can infect other devices in order to earn more.
Outside of a slow computer, there are very few ways to tell if your PC has been infected with a mining script. That is not the case with mobile devices, since battery drain will usually occur if a piece of software is using too much energy.
Marc Rogers, a security researcher with Lookout Software, helped to discover the CoinKrypt mining script for digital currencies. In a blog post, Rogers explained that during his research it became clear that a phone’s battery and plan could be impacted while the mining script is running.
“At a minimum, users affected by this malware will find their phones getting warm and their battery life massively shortened," Rogers said. “Another added annoyance? CoinKrypt might suck up your data plan by periodically downloading what is known as a block chain . . . which can be several gigabytes in size.”
For the most part, Rogers says that the criminals have targeted Litecoin and Dogecoin rather than Bitcoin since mining Bitcoin with any regular smartphone, tablet, or PC, is much more difficult. Still, over the course of seven days of non-stop Litecoin mining, Rogers’ team only accrued 20 cents worth of the currency in its test. This means that a hacker would have to infect thousands of devices just to earn a fair amount of money from the process.
According to security firm Trend Micro, the cybercriminals focused on Dogecoin since it is worth less than other digital currencies. “We believe that with thousands of affected devices, cybercriminals accumulated a great deal of Dogecoins," according to the firm. Clever as the attack is, whoever carried it out may not have thought things through as phones do not have sufficient performance to serve as effective miners.