‘CoinKrypt’ Malware Uses Google Android Phones to Mine for Virtual Currency

Much of mobile malware is going after user data, but the CoinKrypt malware has something else in mind.

As opposed to going after personal data or eavesdropping on phone calls like other mobile malware, CoinKrypt mines for cryptocurrency. According to researchers at Lookout Mobile Security, CoinKrypt is being spread on Spanish-language forums.  

“We were quite surprised and very skeptical about the effectiveness, which is why we independently tested smartphone hardware with a legitimate mining app to see how practical it was likely to be,” Lookout principal security researcher Marc Rogers told SecurityWeek. “Unsurprisingly it isn’t at all practical. I guess it does speak to the ingenuity of malware writers though – they are clearly willing to try anything, no matter how unlikely, to earn some coin.”

According to Rogers, the malware was being distributed inside pirated versions of applications and uploaded to forums that distributed the Google Android apps for free.

In a blog post, Rogers noted that while the malware does not steal information, mining can be an incredibly resource-intensive activity. If it is allowed to go on without any limits, it could potentially damage hardware and cause it to overheat and burn out.

“As a minimum, users affected by this malware will find their phones getting warm and their battery-life massively shortened,” he noted. “Another added annoyance? CoinKrypt might suck up your data plan by periodically downloading what is known as a block chain, or a copy of the currency transaction history, which can be several gigabytes in size.”

The malware itself is fairly basic. It is composed of three small program sections embedded in the target application that are responsible for the mining process. It is this lack of complexity, however, that makes it somewhat dangerous, Rogers blogged.

“Normal mining software is set up to throttle the rate at which coins are mined to protect the hardware it is running on,” he wrote. “This includes no such protection and will drive the hardware to mine until it runs out of battery. Overheating associated with this kind of harsh use can also damage hardware.”

The malware targets Litecoin, Dogecoin and Casinocoin while ignoring Bitcoin because of the relative difficulty in mining it.

“The difficulty for Bitcoin is so tough right now that a recent mining experiment using 600 quadcore servers was only able to generate 0.4 bit coins,” Rogers blogged. “When we tested the feasibility of mining using a Nexus 4 by using Android mining software such as the application “AndLTC”, we were only able to attain a rate of about 8Kh/s – or 8,000 hash calculations per second, the standard unit of measure for mining. Using a Litecoin calculator and the difficulty setting mentioned above we can see that this would net us 0.01 LTC after seven days non-stop mining. That’s almost 20 cents.”

Just recently, researchers at Trend Micro noted the appearance of Google Android malware that mines digital money, distributed as repacked copies of popular apps such as Football Manager Handheld and TuneIn Radio. The apps were injected with the CPU mining code from a legitimate Android cryptocurrency mining app that is based on the well-known cpuminer software.

“Users with phones and tablets that are suddenly charging slowly, running hot, or quickly running out of batteries may want to consider if they have been exposed to this or similar threats,” blogged Trend Micro Mobile Threats Analyst Veo Zhang. “Also, just because an app has been downloaded from an app store – even Google Play – does not mean it is safe.”
