Malicious hackers are always on the lookout for ways to make money without expending much effort, but their latest antics may yield more melted smartphones than actual money. Some innocuous-sounding Android apps apparently contain hidden software that "mines" the cryptocurrencies Bitcoin, Litecoin and Dogecoin; doing so can shorten battery life and overheat devices, but won't make much money in the process.
Reports of two similar — and possibly related — Android malware packages come from San Francisco-based security firm Lookout and Tokyo-based security firm Trend Micro. By piggybacking on apps with legitimate functions, the ANDROIDOS_KAGECOIN and CoinKrypt malware can turn any Android device into a cryptocurrency miner.
Bitcoin, Litecoin and Dogecoin all share a few distinguishing traits. Proponents argue that they are safer than traditional credit-card purchases, as they do not tie a buyer to his or her personal information. Mining, or producing, cryptocurrency is, in theory, a mutually beneficial process: You volunteer your computer to carry out complex mathematical calculations, and in return, you slowly build up your own stock of coins.
Bitcoin is the most prominent form of cryptocurrency. Litecoin is a less valuable, more user-friendly version of the same idea, while Dogecoin started as a joke about a popular Internet meme involving a Shiba Inu dog and evolved into something approximating a legitimate form of currency.
What's troubling is when coin-mining programs come hidden in other programs. Corrupted versions of Android apps such as Football Manager Handheld, TuneIn Radio, Songs and Prized allegedly hide the ANDROIDOS_KAGECOIN and CoinKrypt software. Not only have some of these apps successfully made it past the theoretically rigorous Google Play screening process, but all four have millions of downloads among them. At least two were still available for installation in the Google Play store this morning (March 27).
The coin-mining malware cannot compromise any personal data, but it can still pose a threat to Android devices. Coin-mining software is extremely resource-intensive, especially when mining Bitcoin, and is generally designed for powerful PCs.
While it's possible to run coin-mining processes on a phone or tablet, doing so drains the battery within hours and can cause severe overheating. (At least one of the malware packages mines coins only when a device is recharging.) Since the mining software transmits a great deal of information online, it can also eat through a user's data plan at a fantastic rate.
In theory, if enough users install and use these programs, the mastermind behind the malware could make some money. However, even with millions of users, generating enough data to mine Bitcoins would be incredibly inefficient. This may be why both malware packages also mine less valuable currencies, like Litecoin and Dogecoin, which require fewer functions to generate a coin.
If you've downloaded one of the infected apps, simply uninstalling it should get rid of the mining operation. Failing that, a mobile security suite can also get rid of the offending software.