A new piece of malware that hijacks Android mobile phones to mine bitcoins has been identified in 5 different Google Play browser plug-ins. The malware, dubbed “BadLepricon” by mobile security start-up Lookout, consumed the resources of users’ mobile devices while hackers used them for the intensive process of mining bitcoins.
Lookout reports that anywhere from 100-500 devices that downloaded the tainted wallpaper apps have been affected. After being alerted about the security breach, Google promptly removed all 5 applications.
Beyond that, a few reddit users explain how the malware actually hacked into their bitcoin wallets as they were dealing with transactions. One bitcoiner even lost his life savings: “Tried to send my 60 BTC from Coinbase to cold storage. Just lost everything.”
Meghan Kelley, a Lookout security communications manager, explained BadLepricon’s moves in a blog post on Thursday:
“These apps did fulfill their advertised purpose in that they provided live wallpaper apps, which vary in theme from anime girls to “epic smoke” to attractive men. However, without alerting you in the terms of service, BadLepricon enters into an infinite loop where — every five seconds — it checks the battery level, connectivity, and whether the phone’s display was on.”
Lookout explained how the malware would avoid using too much processing power of the mobile devices:
“Miners, when left unchecked, can damage a phone by using so much processing power that it burns out the device. In order to avoid this, BadLepricon makes sure that the battery level is running at over 50 percent capacity, the display is turned off, and the phone network connectivity.”
Furthermore, BadLepricon uses a feature called WakeLock, which prevents devices from going to sleep even though their displays are switched off. It also employs a Stratum mining proxy, which makes it easy for hackers to switch between mining pools, as well as connect to Bitcoin wallets in a more or less secretive manner.
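A defender-side example of the behaviour described above, added here and not taken from Lookout's analysis or from the malware: it flags apps whose CPU load is high only while the battery is above 50 percent, the display is off and the network is up, with a wake lock held. The telemetry format, package names and thresholds are assumptions constructed for illustration, as is reading "connectivity" as "network available".

```python
"""Flag apps whose CPU load tracks the gating conditions the article describes."""
from statistics import mean

# Constructed telemetry (not from a real device): one tuple per 5-second sample,
# (battery_pct, screen_on, network_up, wakelock_held, cpu_pct).
# Package names are hypothetical.
TELEMETRY = {
    "com.example.wallpaper.smoke": [
        (80, True, True, False, 3), (80, True, True, False, 2), (79, True, True, False, 4),
        (79, False, True, True, 96), (78, False, True, True, 97), (77, False, True, True, 95),
        (49, False, True, False, 2), (76, False, False, False, 1),
    ],
    "com.example.musicplayer": [  # holds a wake lock with the screen off, but stays light
        (90, True, True, True, 9), (90, True, True, True, 8), (89, True, True, True, 7),
        (89, False, True, True, 6), (88, False, True, True, 7), (88, False, True, True, 6),
    ],
    "com.example.game": [  # heavy CPU, but only while the user is looking at it
        (70, True, True, True, 85), (69, True, True, True, 90), (68, True, True, True, 88),
        (68, False, True, False, 1), (68, False, True, False, 0), (68, False, True, False, 1),
    ],
}

def gate_open(battery_pct, screen_on, network_up):
    """Conditions the article says the miner waits for (network_up is an assumption)."""
    return battery_pct > 50 and not screen_on and network_up

def gated_load_score(samples, min_samples=3):
    """Return (busy_mean_cpu, idle_mean_cpu, wakelock_ratio), or None if too few samples."""
    busy = [s for s in samples if gate_open(*s[:3])]
    idle = [s for s in samples if not gate_open(*s[:3])]
    if len(busy) < min_samples or len(idle) < min_samples:
        return None  # not enough evidence on one side of the gate
    return (mean(s[4] for s in busy), mean(s[4] for s in idle),
            sum(s[3] for s in busy) / len(busy))

def suspicious_packages(telemetry, busy_cpu=60, idle_cpu=10, wakelock_ratio=0.8):
    """Packages that are busy only when the gate is open and hold a wake lock then."""
    flagged = []
    for package, samples in telemetry.items():
        score = gated_load_score(samples)
        if score and score[0] >= busy_cpu and score[1] <= idle_cpu and score[2] >= wakelock_ratio:
            flagged.append(package)
    return sorted(flagged)

if __name__ == "__main__":
    print(suspicious_packages(TELEMETRY))
```

The music player and the game each match one of the signals but not the combination, which is why the check requires all of them together.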
Just last month, researchers from Trend Micro discovered that one to five million Android users downloaded two apps that mined Dogecoin and Litecoin without informing the end users.
As the PR headache for Google continues while it removes the apps, one can only wonder why the tech juggernaut can’t be on top of this malware before third parties detect it.