New Bitcoin Mining Malware Found on Android, BadLepricon

It has been discovered in a series of wallpaper apps in Google Play Store

  BadLepricon Bitcoin mining malware found on Android
As Android’s popularity grows even more around the world, more and more cybercriminals are targeting the operating system, and a new piece of malware has recently been discovered to have made it inside some applications in the Google Play Store.

As Android’s popularity grows even more around the world, more and more cybercriminals are targeting the operating system, and a new piece of malware has recently been discovered to have made it inside some applications in the Google Play Store.

Called BadLepricon, the new malware was designed to quietly mine for Bitcoin, thus impacting the handset’s battery and performance capabilities.

The guys over at Lookout have found the malicious code packed inside wallpaper apps. Five such applications have been found and removed by Google, each of them with between 100-500 installs at the time of the removal.

Similar digital currency mining malware was discovered in the Google Play Store several weeks back, namely CoinKrypt, which was specialized on coins such as Litecoin, Dogecoin, and Casinocoin, but the new piece of software appears to be much different.

In fact, Lookout explains that BadLepricon was designed to constantly check the phone’s battery level, connectivity, and whether the phone’s display was on or not. It did so every 5 seconds, so as to have constant insight on the handset’s status.

In this way, BadLepricon ensured that it did not use a smartphone to the point where it would damage it. Thus, it makes sure that the handset’s battery is charged at least at 50 percent, that the display is turned off, and that the handset has network connectivity.

“If you’re a piece of malware, watching the phone’s battery power is a good way of hiding your activities as well. BadLepricon also uses a WakeLock, or a feature that makes sure the phone doesn’t go to sleep even if the display is turned off,” Lookout explains.

Moreover, the malware has been found to make use of a Stratum mining proxy, which allows its author to easily change mining pools, as well as connections to Bitcoin wallets. Furthermore, it provides some anonymity to the author, by obfuscating which wallet is being fed the mined Bitcoins.

This is a common practice when it comes to controlling thousands of bots, as the proxy is used by cybercriminals as a point of contact with them.

Due to the fact that mobile phones are packing increasingly more power and processing capabilities, chances are that additional mobile miners will emerge in the not-too-distant future.

“But we need to remember that mobile mining could be a new business model. Instead of being served advertising, people could use a few processing cycles to mine cryptocurrency instead,” Lookout notes.

“We can see a world where that would be tolerated, but in the case of BadLepricon, not alerting the user to your intentions will land you straight in the malware pile.”

In order to protect themselves, users should make sure that their Android devices do not allow installs from Unknown sources, and that they have a mobile security app installed.

Comments