Android: 170 cryptocurrency mining applications singled out

Over 170 mobile apps in the Android ecosystem have been identified as scam services meant to cash in on the cryptocurrency bandwagon. Lookout researchers this week flagged 170 apps, 25 of which were hosted on Google Play, as scams targeting users interested in mining cryptocurrency.

In exchange for remuneration, these mobile applications promise to perform cryptocurrency mining on behalf of subscribers. As a reminder, cryptocurrency mining uses computing power – from a personal device or a rented system – to solve computer and cryptographic puzzles, and coins are received in return. However, the power required for many types of cryptocurrency is now more than a personal PC can handle, meaning that individuals can join mining pools, thereby sharing the work – and the revenue that goes with it.

Lookout has analyzed every cryptocurrency mining application that has appeared on its radar. The result: none of them performed any legitimate cloud-based cryptocurrency mining. In other words, users paid for a non-existent service.

BitScams and CloudScams

The fraudulent applications involved in these schemes fall into two broad categories, which the researchers call “BitScams” and “CloudScams”. CloudScams advertise mining options that use the power of cloud computing, and it’s common for developers to create realistic-looking mining services to appear legitimate. BitScams, for their part, are mobile applications offering users additional “virtual hardware”, at prices between $12.99 and $259.99, which promises additional mining returns.

Payments can be made either through Google Play or by direct transfers of Bitcoin (BTC) and Ethereum (ETH) to developer wallets. Both types of apps use similar business models, but the groups behind them appear to be competing forces. According to Lookout, more than 93,000 people have been defrauded in this way. The researchers estimate the loot at $350,000 or more from users who paid for bogus apps and upgrades, based on the average “subscription” price charged by the apps and their installation rates.

“What has allowed these BitScams and CloudScams applications to go under the radar is that they don’t do anything really malicious,” the researchers explain. “In fact, they hardly do anything at all. They are just typos to collect money for services that don’t exist.” After Google learned of Lookout’s findings, the offending apps hosted on Google Play were quickly removed.