If your Android phone or tablet has been recently behaving oddly, was showing signs of lower performance, sluggishness, overheating or shorter battery life, you might want to consider removing your latest downloaded apps. It’s quite possible that your device has been infected with bitcoin mining malware called BadLepricon, which was recently found in five wallpaper apps at official Google Play store. This is not the first time and definitely not the last attempt to hijack Android devices for the purpose of the intensive process of mining coins. For security measures you may want to learn how the mining malware works and how you can detect it.
Bitcoin mining malware – How to detect
The infected Android apps which included Mens Club Live Wallpaper, Urban Pulse Live Wallpaper, Epic Smoke Live Wallpaper and Beating Heart Live Wallpaper were removed from the Google Play store as soon as they were discovered, however, by the time it happen between 100 and 500 users have downloaded each app which adds up to over a thousand of compromised phones.
The apps with bitcoin mining malware at first sight looked innocent, since they functioned as they were expected to, that is by providing decent quality live wallpapers. They did, however, much more that than. Each of the apps used the infected device to mine virtual currency and they did so in a way that would minimize the chances of the user noticing of suspicious activity. BadLepricon was mining bitcoins only when the battery level was at 50 percent or higher and the screen was off. In this way users were less likely to discover reduced battery life and increased production of heat which are common results of virtual coin mining.
BadLepricon is a quite smart piece of malware. It contains Stratum proxy that allows its authors not only to easily change mining pools but also to connect to bitcoin wallets and to work in unison with others. BadLepricon also includes a feature known as WakeLock which prevents the infected device from going to sleep even when the display is off.
Alarming is the fact that it Google wasn’t the one who discovered BadLepricon malware but third-party researchers from anti-malware company called Lookout. Moreover, it’s not the first time that similar attempt on users’ Android devices took place. Two months ago researchers from Trend Micro came across two apps (Prized, Songs) that were mining litecoin and dogecoin virtual currencies, obviously without informing users about the process. These apps were downloaded almost five million times.
The official Google Play store is the first destination where Android smartphone and tablet users turn to when they look for new apps. Increasing frequency of malware encounters is definitely not confidence-inspiring, however, we hope that Google will take better measures to make sure that Android devices are more secure in the future. At this moment, if you have noticed that your phone slows down, heats up, or battery life drains faster than usual, you might want to check the apps you have installed as you may be the victim of the coin mining malware.