SecurityWeek

‘CoinKrypt’ Malware Uses Google Android Phones to Mine for Virtual Currency

Much of mobile malware is going after user data, but the CoinKrypt malware has something else in mind.

As opposed to going after personal data or eavesdropping on phone calls like other mobile malware, CoinKrypt mines for cryptocurrency. According to researchers at Lookout Mobile Security, CoinKrypt is being spread on Spanish-language forums.  

“We were quite surprised and very skeptical about the effectiveness, which is why we independently tested smartphone hardware with a legitimate mining app to see how practical it was likely to be,” Lookout principal security researcher Marc Rogers told SecurityWeek. “Unsurprisingly it isn’t at all practical. I guess it does speak to the ingenuity of malware writers though – they are clearly willing to try anything, no matter how unlikely, to earn some coin.”

According to Rogers, the malware was being distributed inside pirated versions of applications and uploaded to forums that distributed the Google Android apps for free.

In a blog post, Rogers noted that while the malware does not steal information, mining can be an incredibly resource-intensive activity. If it is allowed to go on without any limits, it could potentially damage hardware and cause it to overheat and burn out.

“As a minimum, users affected by this malware will find their phones getting warm and their battery-life massively shortened,” he noted. “Another added annoyance? CoinKrypt might suck up your data plan by periodically downloading what is known as a block chain, or a copy of the currency transaction history, which can be several gigabytes in size.”

The malware itself is fairly basic. It is composed of three small program sections embedded in the target application that are responsible for the mining process. It is this lack of complexity, however, that makes it somewhat dangerous, Rogers blogged.

“Normal mining software is set up to throttle the rate at which coins are mined to protect the hardware it is running on,” he wrote. “This includes no such protection and will drive the hardware to mine until it runs out of battery. Overheating associated with this kind of harsh use can also damage hardware.”

The malware targets Litecoin, Dogecoin and Casinocoin while ignoring Bitcoin because of the relative difficulty in mining it.

“The difficulty for Bitcoin is so tough right now that a recent mining experiment using 600 quadcore servers was only able to generate 0.4 bit coins,” Rogers blogged. “When we tested the feasibility of mining using a Nexus 4 by using Android mining software such as the application “AndLTC”, we were only able to attain a rate of about 8Kh/s – or 8,000 hash calculations per second, the standard unit of measure for mining. Using a Litecoin calculator and the difficulty setting mentioned above we can see that this would net us 0.01 LTC after seven days non-stop mining. That’s almost 20 cents.”

Just recently, researchers at Trend Micro noted the appearance of Google Android malware that mines digital money, distributed as repacked copies of popular apps such as Football Manager Handheld and TuneIn Radio. The apps were injected with the CPU mining code from a legitimate Android cryptocurrency mining app that is based on the well-known cpuminer software.

“Users with phones and tablets that are suddenly charging slowly, running hot, or quickly running out of batteries may want to consider if they have been exposed to this or similar threats,” blogged Trend Micro Mobile Threats Analyst Veo Zhang. “Also, just because an app has been downloaded from an app store – even Google Play – does not mean it is safe.”
