Coindesk Logo

Google Pulls Five Mobile Wallpaper Apps Due to Bitcoin Mining Malware

Google Pulls Five Mobile Wallpaper Apps Due to Bitcoin Mining Malware

Google Pulls Five Mobile Wallpaper Apps Due to Bitcoin Mining Malware

Newly discovered bitcoin mining malware shows a greater degree of sophistication, says mobile security firm Lookout.

Newly discovered bitcoin mining malware shows a greater degree of sophistication, says mobile security firm Lookout.

Newly discovered bitcoin mining malware shows a greater degree of sophistication, says mobile security firm Lookout.

AccessTimeIconApr 24, 2014, 10:56 PM
Updated Sep 3, 2021, 11:59 AM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Lookout, a mobile security startup based in San Francisco, has identified a new type of bitcoin mining malware that targets mobile devices. Dubbed 'BadLepricon', the malware represents a more sophisticated type of mining malware attack than previously seen.

The malware was designed to be delivered via a wallpaper app. Lookout identified five separate apps that contained BadLepricon, and Google removed the apps soon after being contacted by the mobile security firm.

The company announced the discovery in a 24th April blog post, citing the specifics of the malware.

CoinDesk spoke with Michael Bentley, head of Lookout’s research and response team, who said that the malware presents a new level of sophistication not normally seen in this type of cyberattack, adding that the malware writer knew what he or she was doing.

Said Bentley:

“When [malware authors] are looking into protecting the phone, making sure certain conditions exist, and making sure you’re participating in a pool, it tells us that they are a more experienced developer.”

Botnet development

The writer of BadLepricon used a stratum mining proxy that lets the botnet operator control where bitcoins are being sent and which nodes are being mined.

Additionally, BadLepricon is designed to maximize mining output from a single device. The mining program only runs when the display is off and when the battery life is greater than 50%. This also acts to protect the phone from heat damage, which masks one of the major symptoms of a mobile-based mining malware attack. It appears that some users may have been affected.

According to Lookout, the apps had an average of 100-500 downloads before the malware was discovered.

Bentley remarked that, ultimately, these types of attacks don’t produce enough hashing power to actually solve a block or produce bitcoins. However, he expects program authors to develop more botnet-style mining malware in the future.

He said:

“As cellphone power increases, and as devices are [more] available, it’s a logical next step.”

Recent attacks

While the majority of bitcoin malware programs are focused on hacking wallets, mining malware attacks do present a threat to computer systems that can be exploited for hashing power. This was shown in a recent study published by Kapersky Labs.

announced this week that it had discovered a server breach that compromised student data. The school stated that the malware was designed to mine bitcoins, although it is unclear if the effort was successful.

BadLepricon is also not the first type of malware to disguise itself on the Google Play store. Earlier this year, two malicious apps were discovered that turned affected mobile devices into dogecoin and litecoin miners.

Password security image via Shutterstock.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.