Google Pulls Five Mobile Wallpaper Apps Due to Bitcoin Mining Malware

shutterstock_121524487
24 April 2014

Lookout, a mobile security startup based in San Francisco, has identified a new type of bitcoin mining malware that targets mobile devices. Dubbed ‘BadLepricon’, the malware represents a more sophisticated type of mining malware attack than previously seen.

The malware was designed to be delivered via a wallpaper app. Lookout identified five separate apps that contained BadLepricon, and Google removed the apps soon after being contacted by the mobile security firm.

The company announced the discovery in a 24th April blog post, citing the specifics of the malware.

CoinDesk spoke with Michael Bentley, head of Lookout’s research and response team, who said that the malware presents a new level of sophistication not normally seen in this type of cyberattack, adding that the malware writer knew what he or she was doing.

Said Bentley:

“When [malware authors] are looking into protecting the phone, making sure certain conditions exist, and making sure you’re participating in a pool, it tells us that they are a more experienced developer.”

Botnet development

The writer of BadLepricon used a stratum mining proxy that lets the botnet operator control where bitcoins are being sent and which nodes are being mined.

Additionally, BadLepricon is designed to maximize mining output from a single device. The mining program only runs when the display is off and when the battery life is greater than 50%. This also acts to protect the phone from heat damage, which masks one of the major symptoms of a mobile-based mining malware attack. It appears that some users may have been affected.

According to Lookout, the apps had an average of 100-500 downloads before the malware was discovered.

Bentley remarked that, ultimately, these types of attacks don’t produce enough hashing power to actually solve a block or produce bitcoins. However, he expects program authors to develop more botnet-style mining malware in the future.

He said:

“As cellphone power increases, and as devices are [more] available, it’s a logical next step.”

Recent attacks

While the majority of bitcoin malware programs are focused on hacking wallets, mining malware attacks do present a threat to computer systems that can be exploited for hashing power. This was shown in a recent study published by Kapersky Labs.

Iowa State University announced this week that it had discovered a server breach that compromised student data. The school stated that the malware was designed to mine bitcoins, although it is unclear if the effort was successful.

BadLepricon is also not the first type of malware to disguise itself on the Google Play store. Earlier this year, two malicious apps were discovered that turned affected mobile devices into dogecoin and litecoin miners.

Password security image via Shutterstock.