Android Wallpaper Apps Hide Bitcoin Mining Malware

Jack

Is your smartphone running low on battery for seemingly no reason? Are things taking longer to render or load? Your gadget could be secretly mining bitcoins, thanks to a piece of mobile malware in Google Play that quietly uses an Android phone’s processing power, while hiding behind innocuous-seeming wallpaper apps.

Lookout Software uncovered the bug, dubbed “BadLepricon,” after which Google removed five applications that were incorporating it. The apps had between 100 and 500 installs each at the time of removal.

“And yes, that is how the malware authors spelled ‘leprechaun,’” wrote Lookout researcher Meghan Kelly, in a blog detailing the infection. “We hope they were going for a clever play on the word ‘con.’”

Although the wallpaper apps did indeed offer live wallpaper featuring everything from anime to hot men, behind the scenes BadLepricon checks the battery level, connectivity and whether the phone’s display is on, every five seconds.

“It does this almost as a courtesy to your phone,” Kelly said. “Miners, when left unchecked, can damage a phone by using so much processing power that it burns out the device. In order to avoid this, BadLepricon makes sure that the battery level is running at over 50 percent capacity, the display is turned off, and the phone network connectivity.”

She added, “BadLepricon also uses a WakeLock, or a feature that makes sure the phone doesn’t go to sleep even if the display is turned off.”

The misspelling of “leprechaun” notwithstanding, the authors may not be that clever in other ways either, considering that bitcoin mining takes a lot more than a few hundred mobile devices to be lucrative.

“A phone’s computing power doesn’t actually result in that many coins,” Kelly said. “Every coin has a difficulty rate, which is determined by the amount of computing power needed to mine that coin and other factors. The difficulty for bitcoin is so tough right now that a recent mining experiment using 600 quad-core servers was only able to generate 0.4 bitcoins over one year.”

Because of these difficulty levels, miners tend to work in groups, pooling their processing resources and collecting payment as a percentage of the processing power they contribute. It’s unclear whether this particular gambit is part of a pool, however.

“In order to control the sometimes thousands of bots, the malware author may use a proxy to set up one point of contact,” Kelly explained. “BadLepricon uses a Stratum mining proxy, allowing the author to easily change mining pools or connections to bitcoin wallets with ease. It also gives the malware author some anonymity by obfuscating which wallet is being fed the mined bitcoins.”


Read more: http://www.infosecurity-magazine.com/view/38133/android-wallpaper-apps-hide-bitcoin-mining-malware/
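The article says BadLepricon connects to a Stratum mining proxy. As an added example (not code from Lookout, the article, or this thread), the sketch below shows how a defender could flag Stratum client handshakes in captured cleartext TCP payloads. The method names come from the public Stratum protocol; the flows, addresses and worker names are constructed.

```python
import json

# Client-to-server methods of the public Stratum mining protocol
# (newline-delimited JSON-RPC over plain TCP).
CLIENT_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}

def stratum_methods(payload: bytes) -> list:
    """Return the Stratum client methods seen in one TCP payload."""
    found = []
    for line in payload.split(b"\n"):
        try:
            msg = json.loads(line)
        except ValueError:          # empty, binary, TLS, HTTP, ...
            continue
        method = msg.get("method") if isinstance(msg, dict) else None
        if isinstance(method, str) and method in CLIENT_METHODS:
            found.append(method)
    return found

def flag_miners(flows: dict) -> dict:
    """Flows whose client both subscribed and authorized as a worker."""
    flagged = {}
    for flow, payloads in flows.items():
        seen = [m for p in payloads for m in stratum_methods(p)]
        if {"mining.subscribe", "mining.authorize"} <= set(seen):
            flagged[flow] = seen
    return flagged

# Constructed sample flows: (device, remote endpoint) -> payloads sent.
SAMPLE_FLOWS = {
    ("10.0.0.5", "203.0.113.10:3333"): [
        b'{"id":1,"method":"mining.subscribe","params":[]}\n'
        b'{"id":2,"method":"mining.authorize","params":["worker1","x"]}\n',
        b'{"id":4,"method":"mining.submit","params":["worker1","job","00","00","00"]}\n',
    ],
    ("10.0.0.5", "198.51.100.7:80"): [b"GET /wallpaper.png HTTP/1.1\r\n\r\n"],
    ("10.0.0.8", "198.51.100.9:8080"): [
        b'{"id":1,"method":"status.get","params":[]}\n',
        b"\x16\x03\x01\x02\x00",
    ],
}

if __name__ == "__main__":
    for flow, methods in flag_miners(SAMPLE_FLOWS).items():
        print(flow, methods)
```

This only sees Stratum sent in cleartext; traffic wrapped in TLS has to be caught by other signals, such as destination reputation or sustained CPU use while the display is off.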
 
