Bogus Cryptomining Apps Infest Google Play

upnorth

Moderator
Thread author
Verified
Staff member
Malware Hunter
Well-known
Jul 27, 2015
4,858
Google has removed eight deceptive mobile apps from the Play Store that masquerade as cryptocurrency cloud-mining applications but which really exist to lure users into expensive subscription services and other fraudulent activity.

They may have been removed, but researchers at Trend Micro noted that upon searching the keywords “cloud mining” on Google Play, several concerning applications of the same type remain in place. These fake Android apps target those interested in earning virtual coins by urging them to invest money into a cloud-mining operation. All eight recently removed apps turned out to harbor one of two malwares, detected as FakeMinerPay and FakeMinerAd. “We discovered that these malicious apps only trick victims into watching ads, paying for subscription services that have an average monthly fee of $15, and paying for increased mining capabilities without getting anything in return,” according to Cifer Fang, a researcher at Trend Micro, in a posting on Wednesday.
Trend Micro’s analysis showed that no actual mining activity was carried out by the apps – rather, “fake mining activity on the apps’ user interface (UI) is carried out via a local mining simulation module that includes a counter and some random functions.” Nonetheless, the apps persist in their ruse, prompting users to pay in-app for supposedly increased cryptocurrency-mining capabilities – a “service” that ranges from $14.99 to as high as $189.99.